Fixed #22295 -- Replaced permission check for displaying user-tools #2725

wants to merge 3 commits into


None yet
2 participants

maxocub commented May 27, 2014

Since has_permission() already checks if the user is staff and is active, I replaced {% if user.is_staff and user.is_active %} by {% if has_permission %} in base.html.
So, if someone creates a custom admin with a custom has_permission(), the user-tools will be displayed.
It's also backward compatible for someone who extends base.html and expects the user-tools to be hidden.


maxocub commented May 27, 2014

I'm not sure but it might also close this one:

@@ -322,7 +329,10 @@ def logout(self, request, extra_context=None):
from django.contrib.auth.views import logout
defaults = {
- 'extra_context': dict(self.each_context(), **(extra_context or {})),
+ 'extra_context': dict(

timgraham Jun 24, 2014


revert this change since you ended up removing has_permission here

@@ -24,16 +24,18 @@
<div id="branding">
{% block branding %}{% endblock %}
- {% if user.is_active and user.is_staff %}
+ {% if has_permission %}

timgraham Jun 24, 2014


is this going to be backwards incompatible for users who maybe writing a custom admin view but don't put has_permission in the context?

- return self.render_to_response(
+ return self.render_to_response(dict(
return super(BaseAdminDocsView, self).dispatch(*args, **kwargs)
def get_context_data(self, **kwargs):
kwargs.update({'root_path': urlresolvers.reverse('admin:index')})

timgraham Jun 24, 2014

    'root_path': urlresolvers.reverse('admin:index'),

timgraham commented Oct 30, 2014

Closing due to lack of follow-up, please send a new PR if you can update per my comments, thanks!

@timgraham timgraham closed this Oct 30, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment