diff options
| author | Tim Graham <timograham@gmail.com> | 2013-09-09 07:59:35 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2013-09-09 07:59:35 -0400 |
| commit | aeed2cf3b23161f228c8b221e56ea4d8a7cf71aa (patch) | |
| tree | e3b3144514f4a41fe08ba9afe5a0e1f57437d347 /tests | |
| parent | 28a571348bca9c5a3c137e495e7d3c9349a5bd56 (diff) | |
Added a test to show that the user.is_staff check in admin base.html is necessary.
refs #21067
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/admin_views/tests.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 18d06f075c..ac289c550a 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -1296,6 +1296,19 @@ class AdminViewPermissionsTest(TestCase): response = self.client.get('/test_admin/admin/secure-view/') self.assertContains(response, 'id="login-form"') + def testDisabledStaffPermissionsWhenLoggedIn(self): + self.client.login(username='super', password='secret') + superuser = User.objects.get(username='super') + superuser.is_staff = False + superuser.save() + + response = self.client.get('/test_admin/admin/') + self.assertContains(response, 'id="login-form"') + self.assertNotContains(response, 'Log out') + + response = self.client.get('/test_admin/admin/secure-view/') + self.assertContains(response, 'id="login-form"') + @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class AdminViewsNoUrlTest(TestCase): |
