1
0
mirror of https://github.com/django/django.git synced 2025-10-25 14:46:09 +00:00

Fixed #26035 -- Prevented user-tools from appearing on admin logout page.

This commit is contained in:
Scott Pashley
2016-01-05 11:29:09 +00:00
committed by Tim Graham
parent 62e83c71d2
commit 7cc2efc2d6
5 changed files with 18 additions and 7 deletions

View File

@@ -641,6 +641,7 @@ answer newbie questions, and generally made Django that much better:
schwank@gmail.com schwank@gmail.com
Scot Hacker <shacker@birdhouse.org> Scot Hacker <shacker@birdhouse.org>
Scott Barr <scott@divisionbyzero.com.au> Scott Barr <scott@divisionbyzero.com.au>
Scott Pashley <github@scottpashley.co.uk>
scott@staplefish.com scott@staplefish.com
Sean Brant Sean Brant
Sebastian Hillig <sebastian.hillig@gmail.com> Sebastian Hillig <sebastian.hillig@gmail.com>

View File

@@ -372,7 +372,13 @@ class AdminSite(object):
""" """
from django.contrib.auth.views import logout from django.contrib.auth.views import logout
defaults = { defaults = {
'extra_context': dict(self.each_context(request), **(extra_context or {})), 'extra_context': dict(
self.each_context(request),
# Since the user isn't logged out at this point, the value of
# has_permission must be overridden.
has_permission=False,
**(extra_context or {})
),
} }
if self.logout_template is not None: if self.logout_template is not None:
defaults['template_name'] = self.logout_template defaults['template_name'] = self.logout_template

View File

@@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8.
Bugfixes Bugfixes
======== ========
* ... * Fixed a regression that caused the "user-tools" items to display on the
admin's logout page (:ticket:`26035`).

View File

@@ -11,3 +11,6 @@ Bugfixes
* Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match`` checks * Fixed a regression in ``ConditionalGetMiddleware`` causing ``If-None-Match`` checks
to always return HTTP 200 (:ticket:`26024`). to always return HTTP 200 (:ticket:`26024`).
* Fixed a regression that caused the "user-tools" items to display on the
admin's logout page (:ticket:`26035`).

View File

@@ -5442,7 +5442,7 @@ class AdminCustomSaveRelatedTests(TestCase):
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'], @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
ROOT_URLCONF="admin_views.urls") ROOT_URLCONF="admin_views.urls")
class AdminViewLogoutTest(TestCase): class AdminViewLogoutTests(TestCase):
@classmethod @classmethod
def setUpTestData(cls): def setUpTestData(cls):
@@ -5453,16 +5453,16 @@ class AdminViewLogoutTest(TestCase):
is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10) is_staff=True, is_active=True, date_joined=datetime.datetime(2007, 5, 30, 13, 20, 10)
) )
def setUp(self): def test_logout(self):
self.client.force_login(self.superuser) self.client.force_login(self.superuser)
def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout')) response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'registration/logged_out.html') self.assertTemplateUsed(response, 'registration/logged_out.html')
self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout')) self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))
self.assertFalse(response.context['has_permission'])
self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible.
# we are now logged out def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout')) response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 302) # we should be redirected to the login page. self.assertEqual(response.status_code, 302) # we should be redirected to the login page.