summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-09-09 07:59:35 -0400
committerTim Graham <timograham@gmail.com>2013-09-09 07:59:35 -0400
commitaeed2cf3b23161f228c8b221e56ea4d8a7cf71aa (patch)
treee3b3144514f4a41fe08ba9afe5a0e1f57437d347
parent28a571348bca9c5a3c137e495e7d3c9349a5bd56 (diff)
Added a test to show that the user.is_staff check in admin base.html is necessary.
refs #21067
-rw-r--r--tests/admin_views/tests.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 18d06f075c..ac289c550a 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -1296,6 +1296,19 @@ class AdminViewPermissionsTest(TestCase):
response = self.client.get('/test_admin/admin/secure-view/')
self.assertContains(response, 'id="login-form"')
+ def testDisabledStaffPermissionsWhenLoggedIn(self):
+ self.client.login(username='super', password='secret')
+ superuser = User.objects.get(username='super')
+ superuser.is_staff = False
+ superuser.save()
+
+ response = self.client.get('/test_admin/admin/')
+ self.assertContains(response, 'id="login-form"')
+ self.assertNotContains(response, 'Log out')
+
+ response = self.client.get('/test_admin/admin/secure-view/')
+ self.assertContains(response, 'id="login-form"')
+
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
class AdminViewsNoUrlTest(TestCase):