innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Added a test to show that the user.is_staff check in admin base.html is necessary. 

refs #21067
This commit is contained in:
Tim Graham 2013-09-09 07:59:35 -04:00
parent 28a571348b
commit aeed2cf3b2
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tests/admin_views/tests.py
View File

@ -1296,6 +1296,19 @@ class AdminViewPermissionsTest(TestCase):
response = self.client.get('/test_admin/admin/secure-view/') response = self.client.get('/test_admin/admin/secure-view/')
self.assertContains(response, 'id="login-form"') self.assertContains(response, 'id="login-form"')
def testDisabledStaffPermissionsWhenLoggedIn(self):
self.client.login(username='super', password='secret')
superuser = User.objects.get(username='super')
superuser.is_staff = False
superuser.save()
response = self.client.get('/test_admin/admin/')
self.assertContains(response, 'id="login-form"')
self.assertNotContains(response, 'Log out')
response = self.client.get('/test_admin/admin/secure-view/')
self.assertContains(response, 'id="login-form"')
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
class AdminViewsNoUrlTest(TestCase): class AdminViewsNoUrlTest(TestCase):