#35959: Admin "Change password" Button Visible with Only "Can view user"
Permission
-------------------------------------+-------------------------------------
Reporter: Dev Namdev | Owner: Brock
| Smickley
Type: Bug | Status: assigned
Component: contrib.admin | Version: 5.1
Severity: Normal | Resolution:
Keywords: Permissions, Admin | Triage Stage: Accepted
Interface, Change Password, View |
User, Permission Bug |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 1
-------------------------------------+-------------------------------------
Comment (by Brock Smickley):
struggling with this one but I think I figured out how to test it!
{{{#!diff
diff --git a/tests/auth_tests/test_views.py
b/tests/auth_tests/test_views.py
index 98fdfe79b7..6e1ebc2b3b 100644
--- a/tests/auth_tests/test_views.py
+++'''' b/tests/auth_tests/test_views.py
@@ -1704,6 +1704,7 @@ class ChangelistTests(MessagesTestMixin,
AuthViewsTestCase):
),
html=True,
)
+ self.assertNotContains(response, '<a class="button"
href="../password/">Reset password</a>')
# Value in POST data is ignored.
data = self.get_user_data(u)
data["password"] = "shouldnotchange"
}}}
Note to self for later: I should also probably test to make sure that the
button ''does'' show for users ''with'' permission.
--
Ticket URL: <https://code.djangoproject.com/ticket/35959#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070193946a3445-e3e42096-6f07-47f7-b10f-296482e091fe-000000%40eu-central-1.amazonses.com.
