summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Pashley <github@scottpashley.co.uk>2016-01-05 11:29:09 +0000
committerTim Graham <timograham@gmail.com>2016-01-06 13:48:02 -0500
commit7cc2efc2d6916c05a0a5cb0c0e67f5405d8f6a03 (patch)
treec99f8537715f2e44fa3b610a6ba0f604762f5ca0
parent62e83c71d2086b91d58c313e46933ef7aa8b6db1 (diff)
Fixed #26035 -- Prevented user-tools from appearing on admin logout page.
-rw-r--r--AUTHORS1
-rw-r--r--django/contrib/admin/sites.py8
-rw-r--r--docs/releases/1.8.9.txt3
-rw-r--r--docs/releases/1.9.2.txt3
-rw-r--r--tests/admin_views/tests.py10
5 files changed, 18 insertions, 7 deletions
diff --git a/AUTHORS b/AUTHORS
index fe6d8c76a9..eeeca06e52 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -641,6 +641,7 @@ answer newbie questions, and generally made Django that much better:
schwank@gmail.com
Scot Hacker <shacker@birdhouse.org>
Scott Barr <scott@divisionbyzero.com.au>
+ Scott Pashley <github@scottpashley.co.uk>
scott@staplefish.com
Sean Brant
Sebastian Hillig <sebastian.hillig@gmail.com>
diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
index 949a23c8aa..77da4c0fd7 100644
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -372,7 +372,13 @@ class AdminSite(object):
"""
from django.contrib.auth.views import logout
defaults = {
- 'extra_context': dict(self.each_context(request), **(extra_context or {})),
+ 'extra_context': dict(
+ self.each_context(request),
+ # Since the user isn't logged out at this point, the value of
+ # has_permission must be overridden.
+ has_permission=False,
+ **(extra_context or {})
+ ),
}
if self.logout_template is not None:
defaults['template_name'] = self.logout_template
diff --git a/docs/releases/1.8.9.txt b/docs/releases/1.8.9.txt
index d5735fc0d4..be3b719b1e 100644
--- a/docs/releases/1.8.9.txt
+++ b/docs/releases/1.8.9.txt
@@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8.
Bugfixes
========
-* ...
+* Fixed a regression that caused the "user-tools" items to display on the
+ admin's logout page (:ticket:`26035`).
diff --git a/docs/releases/1.9.2.txt b/docs/releases/1.9.2.txt
index 8e04de6e29..4cddae3938 100644
--- a/docs/releases/1.9.2.txt
+++ b/docs/releases/1.9.2.txt
@@ -11,3 +11,6 @@ Bugfixes
* Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match`` checks
to always return HTTP 200 (:ticket:`26024`).
+
+* Fixed a regression that caused the "user-tools" items to display on the
+ admin's logout page (:ticket:`26035`).
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index b07b1a7bb7..457ac47646 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -5442,7 +5442,7 @@ class AdminCustomSaveRelatedTests(TestCase):
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
ROOT_URLCONF="admin_views.urls")
-class AdminViewLogoutTest(TestCase):
+class AdminViewLogoutTests(TestCase):
@classmethod
def setUpTestData(cls):
@@ -5453,16 +5453,16 @@ class AdminViewLogoutTest(TestCase):
is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10)
)
- def setUp(self):
+ def test_logout(self):
self.client.force_login(self.superuser)
-
- def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'registration/logged_out.html')
self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))
+ self.assertFalse(response.context['has_permission'])
+ self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible.
- # we are now logged out
+ def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 302) # we should be redirected to the login page.