From 635ffc3c37d58eb96ae17d5389dd50bf635413c6 Mon Sep 17 00:00:00 2001 From: Luis Visintini Date: Sat, 25 Jul 2015 15:49:00 +0100 Subject: [PATCH] Fixed #25163 -- Added hint for non-staff users to admin login page. --- .../contrib/admin/templates/admin/login.html | 10 ++++++++++ tests/admin_views/tests.py | 19 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/django/contrib/admin/templates/admin/login.html b/django/contrib/admin/templates/admin/login.html index b89aa50044..b939c9aac9 100644 --- a/django/contrib/admin/templates/admin/login.html +++ b/django/contrib/admin/templates/admin/login.html @@ -31,6 +31,16 @@ {% endif %}
+ +{% if user.is_authenticated %} +

+{% blocktrans with username=request.user.username %} + You are authenticated as {{ username }}, but are not authorized to + access this page. Would you like to login to a different account? +{% endblocktrans %} +

+{% endif %} +
{% csrf_token %}
{{ form.username.errors }} diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 55ccee7fe1..9e6c349a36 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -1558,6 +1558,25 @@ class AdminViewPermissionsTest(TestCase): self.assertFalse(login.context) self.client.get(reverse('admin:logout')) + def test_login_page_notice_for_non_staff_users(self): + """ + A logged-in non-staff user trying to access the admin index should be + presented with the login page and a hint indicating that the current + user doesn't have access to it. + """ + hint_template = 'You are authenticated as {}' + + # Anonymous user should not be shown the hint + response = self.client.get(self.index_url, follow=True) + self.assertContains(response, 'login-form') + self.assertNotContains(response, hint_template.format(''), status_code=200) + + # Non-staff user should be shown the hint + self.client.login(**self.nostaff_login) + response = self.client.get(self.index_url, follow=True) + self.assertContains(response, 'login-form') + self.assertContains(response, hint_template.format(self.u6.username), status_code=200) + def test_add_view(self): """Test add view restricts access and actually adds items."""