mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Added a test to show that the user.is_staff check in admin base.html is necessary.
refs #21067
This commit is contained in:
parent
28a571348b
commit
aeed2cf3b2
@ -1296,6 +1296,19 @@ class AdminViewPermissionsTest(TestCase):
|
||||
response = self.client.get('/test_admin/admin/secure-view/')
|
||||
self.assertContains(response, 'id="login-form"')
|
||||
|
||||
def testDisabledStaffPermissionsWhenLoggedIn(self):
|
||||
self.client.login(username='super', password='secret')
|
||||
superuser = User.objects.get(username='super')
|
||||
superuser.is_staff = False
|
||||
superuser.save()
|
||||
|
||||
response = self.client.get('/test_admin/admin/')
|
||||
self.assertContains(response, 'id="login-form"')
|
||||
self.assertNotContains(response, 'Log out')
|
||||
|
||||
response = self.client.get('/test_admin/admin/secure-view/')
|
||||
self.assertContains(response, 'id="login-form"')
|
||||
|
||||
|
||||
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
|
||||
class AdminViewsNoUrlTest(TestCase):
|
||||
|
Loading…
Reference in New Issue
Block a user