[1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page.

Backport of 7cc2efc2d6 from master
This commit is contained in:
Scott Pashley 2016-01-05 11:29:09 +00:00 committed by Tim Graham
parent 5c1de942ac
commit 7688089e0f
4 changed files with 15 additions and 7 deletions

View File

@ -611,6 +611,7 @@ answer newbie questions, and generally made Django that much better:
schwank@gmail.com schwank@gmail.com
Scot Hacker <shacker@birdhouse.org> Scot Hacker <shacker@birdhouse.org>
Scott Barr <scott@divisionbyzero.com.au> Scott Barr <scott@divisionbyzero.com.au>
Scott Pashley <github@scottpashley.co.uk>
scott@staplefish.com scott@staplefish.com
Sean Brant Sean Brant
Sebastian Hillig <sebastian.hillig@gmail.com> Sebastian Hillig <sebastian.hillig@gmail.com>

View File

@ -355,7 +355,13 @@ class AdminSite(object):
from django.contrib.auth.views import logout from django.contrib.auth.views import logout
defaults = { defaults = {
'current_app': self.name, 'current_app': self.name,
'extra_context': dict(self.each_context(request), **(extra_context or {})), 'extra_context': dict(
self.each_context(request),
# Since the user isn't logged out at this point, the value of
# has_permission must be overridden.
has_permission=False,
**(extra_context or {})
),
} }
if self.logout_template is not None: if self.logout_template is not None:
defaults['template_name'] = self.logout_template defaults['template_name'] = self.logout_template

View File

@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8.
Bugfixes Bugfixes
======== ========
* ... * Fixed a regression that caused the "user-tools" items to display on the
admin's logout page (:ticket:`26035`).

View File

@ -4832,19 +4832,19 @@ class AdminCustomSaveRelatedTests(TestCase):
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',), @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',),
ROOT_URLCONF="admin_views.urls") ROOT_URLCONF="admin_views.urls")
class AdminViewLogoutTest(TestCase): class AdminViewLogoutTests(TestCase):
fixtures = ['admin-views-users.xml'] fixtures = ['admin-views-users.xml']
def setUp(self): def test_logout(self):
self.client.login(username='super', password='secret') self.client.login(username='super', password='secret')
def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout')) response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'registration/logged_out.html') self.assertTemplateUsed(response, 'registration/logged_out.html')
self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout')) self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))
self.assertFalse(response.context['has_permission'])
self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible.
# we are now logged out def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get(reverse('admin:logout')) response = self.client.get(reverse('admin:logout'))
self.assertEqual(response.status_code, 302) # we should be redirected to the login page. self.assertEqual(response.status_code, 302) # we should be redirected to the login page.