From 7cc2efc2d6916c05a0a5cb0c0e67f5405d8f6a03 Mon Sep 17 00:00:00 2001 From: Scott Pashley Date: Tue, 5 Jan 2016 11:29:09 +0000 Subject: [PATCH] Fixed #26035 -- Prevented user-tools from appearing on admin logout page. --- AUTHORS | 1 + django/contrib/admin/sites.py | 8 +++++++- docs/releases/1.8.9.txt | 3 ++- docs/releases/1.9.2.txt | 3 +++ tests/admin_views/tests.py | 10 +++++----- 5 files changed, 18 insertions(+), 7 deletions(-) diff --git a/AUTHORS b/AUTHORS index fe6d8c76a9..eeeca06e52 100644 --- a/AUTHORS +++ b/AUTHORS @@ -641,6 +641,7 @@ answer newbie questions, and generally made Django that much better: schwank@gmail.com Scot Hacker Scott Barr + Scott Pashley scott@staplefish.com Sean Brant Sebastian Hillig diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py index 949a23c8aa..77da4c0fd7 100644 --- a/django/contrib/admin/sites.py +++ b/django/contrib/admin/sites.py @@ -372,7 +372,13 @@ class AdminSite(object): """ from django.contrib.auth.views import logout defaults = { - 'extra_context': dict(self.each_context(request), **(extra_context or {})), + 'extra_context': dict( + self.each_context(request), + # Since the user isn't logged out at this point, the value of + # has_permission must be overridden. + has_permission=False, + **(extra_context or {}) + ), } if self.logout_template is not None: defaults['template_name'] = self.logout_template diff --git a/docs/releases/1.8.9.txt b/docs/releases/1.8.9.txt index d5735fc0d4..be3b719b1e 100644 --- a/docs/releases/1.8.9.txt +++ b/docs/releases/1.8.9.txt @@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8. Bugfixes ======== -* ... +* Fixed a regression that caused the "user-tools" items to display on the + admin's logout page (:ticket:`26035`). diff --git a/docs/releases/1.9.2.txt b/docs/releases/1.9.2.txt index 8e04de6e29..4cddae3938 100644 --- a/docs/releases/1.9.2.txt +++ b/docs/releases/1.9.2.txt @@ -11,3 +11,6 @@ Bugfixes * Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match`` checks to always return HTTP 200 (:ticket:`26024`). + +* Fixed a regression that caused the "user-tools" items to display on the + admin's logout page (:ticket:`26035`). diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index b07b1a7bb7..457ac47646 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -5442,7 +5442,7 @@ class AdminCustomSaveRelatedTests(TestCase): @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'], ROOT_URLCONF="admin_views.urls") -class AdminViewLogoutTest(TestCase): +class AdminViewLogoutTests(TestCase): @classmethod def setUpTestData(cls): @@ -5453,16 +5453,16 @@ class AdminViewLogoutTest(TestCase): is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10) ) - def setUp(self): + def test_logout(self): self.client.force_login(self.superuser) - - def test_client_logout_url_can_be_used_to_login(self): response = self.client.get(reverse('admin:logout')) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, 'registration/logged_out.html') self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout')) + self.assertFalse(response.context['has_permission']) + self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible. - # we are now logged out + def test_client_logout_url_can_be_used_to_login(self): response = self.client.get(reverse('admin:logout')) self.assertEqual(response.status_code, 302) # we should be redirected to the login page.