Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Added a test to show that the user.is_staff check in admin base.html …

…is necessary.

refs #21067
  • Loading branch information...
commit aeed2cf3b23161f228c8b221e56ea4d8a7cf71aa 1 parent 28a5713
@timgraham timgraham authored
Showing with 13 additions and 0 deletions.
  1. +13 −0 tests/admin_views/tests.py
View
13 tests/admin_views/tests.py
@@ -1296,6 +1296,19 @@ def testDisabledPermissionsWhenLoggedIn(self):
response = self.client.get('/test_admin/admin/secure-view/')
self.assertContains(response, 'id="login-form"')
+ def testDisabledStaffPermissionsWhenLoggedIn(self):
+ self.client.login(username='super', password='secret')
+ superuser = User.objects.get(username='super')
+ superuser.is_staff = False
+ superuser.save()
+
+ response = self.client.get('/test_admin/admin/')
+ self.assertContains(response, 'id="login-form"')
+ self.assertNotContains(response, 'Log out')
+
+ response = self.client.get('/test_admin/admin/secure-view/')
+ self.assertContains(response, 'id="login-form"')
+
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
class AdminViewsNoUrlTest(TestCase):
Please sign in to comment.
Something went wrong with that request. Please try again.