Commit 03eeb020 authored by Jannis Leidel's avatar Jannis Leidel

Fixed #159 -- Prevent the `AdminSite` from logging users out when they try to...

Fixed #159 -- Prevent the `AdminSite` from logging users out when they try to log in from the logout page. Many thanks, ashchristopher.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent bd586125

django/contrib/admin/sites.py

100644 → 100755
+6 −2
from functools import update_wrapper
from django import http
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
from django.contrib.admin.forms import AdminAuthenticationForm
from django.contrib.auth import REDIRECT_FIELD_NAME
@@ -188,6 +188,10 @@ class AdminSite(object):
        """
        def inner(request, *args, **kwargs):
            if not self.has_permission(request):
                if request.path == reverse('admin:logout',
                                           current_app=self.name):
                    index_path = reverse('admin:index', current_app=self.name)
                    return HttpResponseRedirect(index_path)
                return self.login(request)
            return view(request, *args, **kwargs)
        if not cacheable:
@@ -421,7 +425,7 @@ class AdminSite(object):
                                'models': [model_dict],
                            }
        if not app_dict:
            raise http.Http404('The requested admin page does not exist.')
            raise Http404('The requested admin page does not exist.')
        # Sort the models alphabetically within each app.
        app_dict['models'].sort(key=lambda x: x['name'])
        context = {
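Review bot: The new logout-path branch in `inner` runs whenever `has_permission` is false, which presumably includes a signed-in user without admin rights as well as an anonymous visitor; such a user requesting the logout URL is redirected to the index and their session is left as it was. `has_permission` is defined outside the hunk, so confirm that this is intended and record the decision above the branch, e.g. `# No admin access on the logout URL: redirect to the index so the login form's "next" does not point back at logout.` The redirect target is built with `reverse()` rather than from request data, which keeps it on-site and is worth stating in the same comment. Separately, the section header shows the file mode going from 100644 to 100755, which looks unintended for a library module and should be reverted. The method enclosing `inner` starts and ends outside the hunk.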
+28 −0
@@ -3385,3 +3385,31 @@ class AdminCustomSaveRelatedTests(TestCase):

        self.assertEqual('Josh Stone', Parent.objects.latest('id').name)
        self.assertEqual([u'Catherine Stone', u'Paul Stone'], children_names)


class AdminViewLogoutTest(TestCase):
    urls = "regressiontests.admin_views.urls"
    fixtures = ['admin-views-users.xml']

    def setUp(self):
        self.client.login(username='super', password='secret')

    def tearDown(self):
        self.client.logout()

    def test_client_logout_url_can_be_used_to_login(self):
        response = self.client.get('/test_admin/admin/logout/')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.template_name, 'registration/logged_out.html')
        self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/logout/')

        # we are now logged out
        response = self.client.get('/test_admin/admin/logout/')
        self.assertEqual(response.status_code, 302)  # we should be redirected to the login page.

        # follow the redirect and test results.
        response = self.client.get('/test_admin/admin/logout/', follow=True)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.template_name, 'admin/login.html')
        self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/')
        self.assertContains(response, '<input type="hidden" name="next" value="/test_admin/admin/" />')
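Review bot: The 302 check in `test_client_logout_url_can_be_used_to_login` never asserts the redirect target, and its comment says "login page" although the followed request ends on the admin index path; `self.assertRedirects(response, '/test_admin/admin/')` would pin the target. The end of the session is only checked indirectly, through the second request's status code; asserting after the first GET that `SESSION_KEY` from `django.contrib.auth` is absent from `self.client.session` states it directly. A case for a signed-in user without staff rights requesting the logout URL is not covered and would document what the new branch does for that user.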