fix #584: don't assume that anonymouser user instance will be acl aware on its serialization

misago/core/testproject/urls.py

@@ -1,8 +1,16 @@
 from django.conf.urls import patterns, include, url
 
+# Setup Django admin to work with Misago auth
+from django.contrib import admin
+from misago.users.forms.auth import AdminAuthenticationForm
+
+admin.autodiscover()
+admin.site.login_form = AdminAuthenticationForm
+
 
 urlpatterns = patterns('',
     url(r'^forum/', include('misago.urls', namespace='misago')),
+    url(r'^django-admin/', include(admin.site.urls)),
 )
 
 urlpatterns += patterns('misago.core.testproject.views',

misago/project_template/project_name/urls.py

@@ -4,9 +4,11 @@ from django.conf.urls import patterns, include, url
 # Setup Django admin to work with Misago auth
 from django.contrib import admin
 from misago.users.forms.auth import AdminAuthenticationForm
+
 admin.autodiscover()
 admin.site.login_form = AdminAuthenticationForm
 
+
 urlpatterns = patterns('',
     url(r'^', include('misago.urls', namespace='misago')),
 

misago/users/serializers/user.py

@@ -90,7 +90,10 @@ class AnonymousUserSerializer(serializers.Serializer):
     acl = serializers.SerializerMethodField()
 
     def get_acl(self, obj):
-        return serialize_acl(obj)
+        if hasattr(obj, 'acl_'):
+            return serialize_acl(obj)
+        else:
+            return None
 
 
 class BaseSerializer(serializers.ModelSerializer):

misago/users/tests/test_djangoadmin_auth.py

@@ -0,0 +1,42 @@
+from django.core.urlresolvers import reverse
+from misago.admin.testutils import AdminTestCase
+
+
+class DjangoAdminAuthTests(AdminTestCase):
+    """assertions for Django admin auth interop with Misago User Model"""
+    urls = 'misago.core.testproject.urls'
+
+    def test_login(self):
+        """its possible to sign in to django admin"""
+        self.logout_user()
+
+        # form renders
+        response = self.client.get(reverse('admin:index'))
+        self.assertEqual(response.status_code, 200)
+
+        # form handles login
+        response = self.client.post(reverse('admin:index'), data={
+            'username': self.user.email,
+            'password': self.USER_PASSWORD,
+        })
+        self.assertEqual(response.status_code, 302)
+
+        response = self.client.get(reverse('admin:index'))
+        self.assertEqual(response.status_code, 200)
+        self.assertIn(self.user.username, response.content)
+
+    def test_logout(self):
+        """its possible to sign out from django admin"""
+        response = self.client.get(reverse('admin:index'))
+        self.assertEqual(response.status_code, 200)
+        self.assertIn(self.user.username, response.content)
+
+        # assert there's no showstopper on signout page
+        response = self.client.get(reverse('admin:logout'))
+        self.assertEqual(response.status_code, 200)
+        self.assertNotIn(self.user.username, response.content)
+
+        # user was signed out
+        response = self.client.get(reverse('admin:index'))
+        self.assertEqual(response.status_code, 200)
+        self.assertNotIn(self.user.username, response.content)