1
0
mirror of https://github.com/django/django.git synced 2024-12-22 09:05:43 +00:00

Fixed #26035 -- Prevented user-tools from appearing on admin logout page.

This commit is contained in:
Scott Pashley 2016-01-05 11:29:09 +00:00 committed by Tim Graham
parent 62e83c71d2
commit 7cc2efc2d6
5 changed files with 18 additions and 7 deletions

View File

@ -641,6 +641,7 @@ answer newbie questions, and generally made Django that much better:
schwank@gmail.com
Scot Hacker <shacker@birdhouse.org>
Scott Barr <scott@divisionbyzero.com.au>
Scott Pashley <github@scottpashley.co.uk>
scott@staplefish.com
Sean Brant
Sebastian Hillig <sebastian.hillig@gmail.com>

View File

@ -372,7 +372,13 @@ class AdminSite(object):
"""
from django.contrib.auth.views import logout
defaults = {
'extra_context': dict(self.each_context(request), **(extra_context or {})),
'extra_context': dict(
self.each_context(request),
# Since the user isn't logged out at this point, the value of
# has_permission must be overridden.
has_permission=False,
**(extra_context or {})
),
}
if self.logout_template is not None:
defaults['template_name'] = self.logout_template

View File

@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8.
Bugfixes
========
* ...
* Fixed a regression that caused the "user-tools" items to display on the
admin's logout page (:ticket:`26035`).

View File

@ -11,3 +11,6 @@ Bugfixes
* Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match`` checks
to always return HTTP 200 (:ticket:`26024`).
* Fixed a regression that caused the "user-tools" items to display on the
admin's logout page (:ticket:`26035`).

View File

@ -5442,7 +5442,7 @@ class AdminCustomSaveRelatedTests(TestCase):
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
ROOT_URLCONF="admin_views.urls")
class AdminViewLogoutTest(TestCase):
class AdminViewLogoutTests(TestCase):
@classmethod
def setUpTestData(cls):
@ -5453,16 +5453,16 @@ class AdminViewLogoutTest(TestCase):
is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10)
)
def setUp(self):
def test_logout(self):
self.client.force_login(self.superuser)
def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'registration/logged_out.html')
self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))
self.assertFalse(response.context['has_permission'])
self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible.
# we are now logged out
def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 302) # we should be redirected to the login page.