mirror of https://github.com/django/django.git
Fixed #25163 -- Added hint for non-staff users to admin login page.
This commit is contained in:
parent
537818af87
commit
635ffc3c37
|
@ -31,6 +31,16 @@
|
|||
{% endif %}
|
||||
|
||||
<div id="content-main">
|
||||
|
||||
{% if user.is_authenticated %}
|
||||
<p class="errornote">
|
||||
{% blocktrans with username=request.user.username %}
|
||||
You are authenticated as {{ username }}, but are not authorized to
|
||||
access this page. Would you like to login to a different account?
|
||||
{% endblocktrans %}
|
||||
</p>
|
||||
{% endif %}
|
||||
|
||||
<form action="{{ app_path }}" method="post" id="login-form">{% csrf_token %}
|
||||
<div class="form-row">
|
||||
{{ form.username.errors }}
|
||||
|
|
|
@ -1558,6 +1558,25 @@ class AdminViewPermissionsTest(TestCase):
|
|||
self.assertFalse(login.context)
|
||||
self.client.get(reverse('admin:logout'))
|
||||
|
||||
def test_login_page_notice_for_non_staff_users(self):
|
||||
"""
|
||||
A logged-in non-staff user trying to access the admin index should be
|
||||
presented with the login page and a hint indicating that the current
|
||||
user doesn't have access to it.
|
||||
"""
|
||||
hint_template = 'You are authenticated as {}'
|
||||
|
||||
# Anonymous user should not be shown the hint
|
||||
response = self.client.get(self.index_url, follow=True)
|
||||
self.assertContains(response, 'login-form')
|
||||
self.assertNotContains(response, hint_template.format(''), status_code=200)
|
||||
|
||||
# Non-staff user should be shown the hint
|
||||
self.client.login(**self.nostaff_login)
|
||||
response = self.client.get(self.index_url, follow=True)
|
||||
self.assertContains(response, 'login-form')
|
||||
self.assertContains(response, hint_template.format(self.u6.username), status_code=200)
|
||||
|
||||
def test_add_view(self):
|
||||
"""Test add view restricts access and actually adds items."""
|
||||
|
||||
|
|
Loading…
Reference in New Issue