[1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page.

Backport of 7cc2efc2d6 from master
2016-01-05 11:29:09 +00:00 · 2016-01-05 11:29:09 +00:00 · 7688089e0f
parent 5c1de942ac
commit 7688089e0f
4 changed files with 15 additions and 7 deletions
--- a/1
+++ b/1
@ -611,6 +611,7 @@ answer newbie questions, and generally made Django that much better:
    schwank@gmail.com
    Scot Hacker <shacker@birdhouse.org>
    Scott Barr <scott@divisionbyzero.com.au>
+    Scott Pashley <github@scottpashley.co.uk>
    scott@staplefish.com
    Sean Brant
    Sebastian Hillig <sebastian.hillig@gmail.com>
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@ -355,7 +355,13 @@ class AdminSite(object):
        from django.contrib.auth.views import logout
        defaults = {
            'current_app': self.name,
-            'extra_context': dict(self.each_context(request), **(extra_context or {})),
+            'extra_context': dict(
+                self.each_context(request),
+                # Since the user isn't logged out at this point, the value of
+                # has_permission must be overridden.
+                has_permission=False,
+                **(extra_context or {})
+            ),
        }
        if self.logout_template is not None:
            defaults['template_name'] = self.logout_template
--- a/docs/releases/1.8.9.txt
+++ b/docs/releases/1.8.9.txt
@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8.
 Bugfixes
 ========

-* ...
+* Fixed a regression that caused the "user-tools" items to display on the
+  admin's logout page (:ticket:`26035`).
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@ -4832,19 +4832,19 @@ class AdminCustomSaveRelatedTests(TestCase):

@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',),
    ROOT_URLCONF="admin_views.urls")
-class AdminViewLogoutTest(TestCase):
+class AdminViewLogoutTests(TestCase):
    fixtures = ['admin-views-users.xml']

-    def setUp(self):
+    def test_logout(self):
        self.client.login(username='super', password='secret')
-
-    def test_client_logout_url_can_be_used_to_login(self):
        response = self.client.get(reverse('admin:logout'))
        self.assertEqual(response.status_code, 200)
        self.assertTemplateUsed(response, 'registration/logged_out.html')
        self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout'))
+        self.assertFalse(response.context['has_permission'])
+        self.assertNotContains(response, 'user-tools')  # user-tools div shouldn't visible.

-        # we are now logged out
+    def test_client_logout_url_can_be_used_to_login(self):
        response = self.client.get(reverse('admin:logout'))
        self.assertEqual(response.status_code, 302)  # we should be redirected to the login page.