authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-01-17 17:44:25 +0100
committernessita <124304+nessita@users.noreply.github.com>2025-04-17 12:00:20 -0300
commitd755a98b8438c10f3cff61303ceb1fe16d414e9b (patch)
tree7fe508bdc927f8abe04fd2457abbb471daac6203 /tests/auth_tests
parent8a0ad1ebe313a4f4fca6e9068c06ee400d15b8a4 (diff)
Fixed #35959 -- Displayed password reset button in admin only when user has sufficient permissions.
This change ensures that the "Reset password" button in the admin is shown only when the user has the necessary permission to perform a password change operation. It reuses the password hashing rendering logic in `display_for_field` to show the appropriate read-only widget for users with view-only access.
Diffstat (limited to 'tests/auth_tests')
-rw-r--r--tests/auth_tests/test_views.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 156520ebf7..c8f0be1be7 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -1703,7 +1703,7 @@ class ChangelistTests(MessagesTestMixin, AuthViewsTestCase):
)
algo, salt, hash_string = u.password.split("$")
self.assertContains(response, '<div class="readonly">testclient</div>')
- # ReadOnlyPasswordHashWidget is used to render the field.
+ # The password value is hashed.
self.assertContains(
response,
"<strong>algorithm</strong>: <bdi>%s</bdi>\n\n"
@@ -1716,6 +1716,10 @@ class ChangelistTests(MessagesTestMixin, AuthViewsTestCase):
),
html=True,
)
+ self.assertNotContains(
+ response,
+ '<a role="button" class="button" href="../password/">Reset password</a>',
+ )
# Value in POST data is ignored.
data = self.get_user_data(u)
data["password"] = "shouldnotchange"
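Review bot: The added `assertNotContains` matches the full anchor markup as a raw substring, so it keeps passing if the template later changes the button's attributes, class or href while still rendering it for a view-only user. A looser negative check would fail in that case, for example `self.assertNotContains(response, "Reset password")` (assuming that text appears nowhere else on the read-only page) or a separate assertion on `href="../password/"`. Hiding the button is only a presentation-level control, and this hunk does not show whether a test also requests the password change URL as the view-only user and expects a denial, which is the check that protects the operation itself. The enclosing test method starts and ends outside the hunk.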