From 7688089e0fea41a1acf71a33de82fa1b63fa8be4 Mon Sep 17 00:00:00 2001 From: Scott Pashley Date: Tue, 5 Jan 2016 11:29:09 +0000 Subject: [PATCH] [1.8.x] Fixed #26035 -- Prevented user-tools from appearing on admin logout page. Backport of 7cc2efc2d6916c05a0a5cb0c0e67f5405d8f6a03 from master --- AUTHORS | 1 + django/contrib/admin/sites.py | 8 +++++++- docs/releases/1.8.9.txt | 3 ++- tests/admin_views/tests.py | 10 +++++----- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/AUTHORS b/AUTHORS index 06d9882df16..1a355d62831 100644 --- a/AUTHORS +++ b/AUTHORS @@ -611,6 +611,7 @@ answer newbie questions, and generally made Django that much better: schwank@gmail.com Scot Hacker Scott Barr + Scott Pashley scott@staplefish.com Sean Brant Sebastian Hillig diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py index af408806ae2..e08b9326ba0 100644 --- a/django/contrib/admin/sites.py +++ b/django/contrib/admin/sites.py @@ -355,7 +355,13 @@ class AdminSite(object): from django.contrib.auth.views import logout defaults = { 'current_app': self.name, - 'extra_context': dict(self.each_context(request), **(extra_context or {})), + 'extra_context': dict( + self.each_context(request), + # Since the user isn't logged out at this point, the value of + # has_permission must be overridden. + has_permission=False, + **(extra_context or {}) + ), } if self.logout_template is not None: defaults['template_name'] = self.logout_template diff --git a/docs/releases/1.8.9.txt b/docs/releases/1.8.9.txt index d5735fc0d4e..be3b719b1e1 100644 --- a/docs/releases/1.8.9.txt +++ b/docs/releases/1.8.9.txt @@ -9,4 +9,5 @@ Django 1.8.9 fixes several bugs in 1.8.8. Bugfixes ======== -* ... +* Fixed a regression that caused the "user-tools" items to display on the + admin's logout page (:ticket:`26035`). diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index a64e4d76d9d..881ef51d56d 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -4832,19 +4832,19 @@ class AdminCustomSaveRelatedTests(TestCase): @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',), ROOT_URLCONF="admin_views.urls") -class AdminViewLogoutTest(TestCase): +class AdminViewLogoutTests(TestCase): fixtures = ['admin-views-users.xml'] - def setUp(self): + def test_logout(self): self.client.login(username='super', password='secret') - - def test_client_logout_url_can_be_used_to_login(self): response = self.client.get(reverse('admin:logout')) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, 'registration/logged_out.html') self.assertEqual(response.request['PATH_INFO'], reverse('admin:logout')) + self.assertFalse(response.context['has_permission']) + self.assertNotContains(response, 'user-tools') # user-tools div shouldn't visible. - # we are now logged out + def test_client_logout_url_can_be_used_to_login(self): response = self.client.get(reverse('admin:logout')) self.assertEqual(response.status_code, 302) # we should be redirected to the login page.