summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Pashley <github@scottpashley.co.uk>2016-01-05 11:29:09 +0000
committerTim Graham <timograham@gmail.com>2016-01-06 13:52:25 -0500
commita7b69c8657609c925da055553f289760a66c64cf (patch)
tree80a6b5619a866fae78a5e4dd564eefb0365cd728
parentc74b1b408a3ccdc1f1c199e709f7c825644f1a9e (diff)
[1.9.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page.
Backport of 7cc2efc2d6916c05a0a5cb0c0e67f5405d8f6a03 from master
-rw-r--r--AUTHORS1
-rw-r--r--django/contrib/admin/sites.py8
-rw-r--r--docs/releases/1.8.9.txt3
-rw-r--r--docs/releases/1.9.2.txt3
-rw-r--r--tests/admin_views/tests.py10
5 files changed, 18 insertions, 7 deletions
diff --git a/AUTHORS b/AUTHORS
index 6e6e84cacf..e72aabb98e 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -636,6 +636,7 @@ answer newbie questions, and generally made Django that much better:
schwank@gmail.com
Scot Hacker <shacker@birdhouse.org>
Scott Barr <scott@divisionbyzero.com.au>
+ Scott Pashley <github@scottpashley.co.uk>
scott@staplefish.com
Sean Brant
Sebastian Hillig <sebastian.hillig@gmail.com>
diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
index 39f22b8d0e..0e43b18ac8 100644
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -367,7 +367,13 @@ class AdminSite(object):
"""
from django.contrib.auth.views import logout
defaults = {
- 'extra_context': dict(self.each_context(request), **(extra_context or {})),
+ 'extra_context': dict(
+ self.each_context(request),
+ # Since the user isn't logged out at this point, the value of
+ # has_permission must be overridden.
+ has_permission=False,
+ **(extra_context or {})
+ ),
}
if self.logout_template is not None:
defaults['template_name'] = self.logout_template
diff --git a/docs/releases/1.8.9.txt b/docs/releases/1.8.9.txt
index d5735fc0d4..be3b719b1e 100644
--- a/docs/releases/1.8.9.txt
+++ b/docs/releases/1.8.9.txt
@@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8.
Bugfixes
========
-* ...
+* Fixed a regression that caused the "user-tools" items to display on the
+ admin's logout page (:ticket:`26035`).
diff --git a/docs/releases/1.9.2.txt b/docs/releases/1.9.2.txt
index 8e04de6e29..4cddae3938 100644
--- a/docs/releases/1.9.2.txt
+++ b/docs/releases/1.9.2.txt
@@ -11,3 +11,6 @@ Bugfixes
* Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match`` checks
to always return HTTP 200 (:ticket:`26024`).
+
+* Fixed a regression that caused the "user-tools" items to display on the
+ admin's logout page (:ticket:`26035`).
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 4f6146c344..f0780ea615 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -5519,7 +5519,7 @@ class AdminCustomSaveRelatedTests(TestCase):
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
ROOT_URLCONF="admin_views.urls")
-class AdminViewLogoutTest(TestCase):
+class AdminViewLogoutTests(TestCase):
@classmethod
def setUpTestData(cls):
@@ -5530,16 +5530,16 @@ class AdminViewLogoutTest(TestCase):
is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10)
)
- def setUp(self):
+ def test_logout(self):
self.client.force_login(self.superuser)
-
- def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'registration/logged_out.html')
self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))
+ self.assertFalse(response.context['has_permission'])
+ self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible.
- # we are now logged out
+ def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 302) # we should be redirected to the login page.