Commit 7688089e authored by Scott Pashley's avatar Scott Pashley Committed by Tim Graham
Browse files

[1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page. 

Backport of 7cc2efc2 from master
parent 5c1de942

AUTHORS

+1 −0
Original line number Diff line number Diff line
@@ -611,6 +611,7 @@ answer newbie questions, and generally made Django that much better: 
    schwank@gmail.com

    Scot Hacker <shacker@birdhouse.org>

    Scott Barr <scott@divisionbyzero.com.au>

    Scott Pashley <github@scottpashley.co.uk>

    scott@staplefish.com

    Sean Brant

    Sebastian Hillig <sebastian.hillig@gmail.com>

django/contrib/admin/sites.py

+7 −1
Original line number Diff line number Diff line
@@ -355,7 +355,13 @@ class AdminSite(object): 
        from django.contrib.auth.views import logout

        defaults = {

            'current_app': self.name,

            'extra_context': dict(self.each_context(request), **(extra_context or {})),

            'extra_context': dict(

                self.each_context(request),

                # Since the user isn't logged out at this point, the value of

                # has_permission must be overridden.

                has_permission=False,

                **(extra_context or {})

            ),

        }

        if self.logout_template is not None:

            defaults['template_name'] = self.logout_template

docs/releases/1.8.9.txt

+2 −1
Original line number Diff line number Diff line
@@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8. 
Bugfixes

========



* ...
 
* Fixed a regression that caused the "user-tools" items to display on the

  admin's logout page (:ticket:`26035`).

tests/admin_views/tests.py

+5 −5
Original line number Diff line number Diff line
@@ -4832,19 +4832,19 @@ class AdminCustomSaveRelatedTests(TestCase): 


@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',),

    ROOT_URLCONF="admin_views.urls")

class AdminViewLogoutTest(TestCase):

class AdminViewLogoutTests(TestCase):

    fixtures = ['admin-views-users.xml']



    def setUp(self):

    def test_logout(self):

        self.client.login(username='super', password='secret')



    def test_client_logout_url_can_be_used_to_login(self):

        response = self.client.get(reverse('admin:logout'))

        self.assertEqual(response.status_code, 200)

        self.assertTemplateUsed(response, 'registration/logged_out.html')

        self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))

        self.assertFalse(response.context['has_permission'])

        self.assertNotContains(response, 'user-tools')  # user-tools div shouldn't visible.



        # we are now logged out

    def test_client_logout_url_can_be_used_to_login(self):

        response = self.client.get(reverse('admin:logout'))

        self.assertEqual(response.status_code, 302)  # we should be redirected to the login page.