id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
25163	Add a hint to the admin login page when a user is redirected there due to lack of permissions	Jan Pazdziora	Tim Graham <timograham@…>	"Assume application which uses `django.contrib.auth.views.login` with some custom template to allow the users to log in. Even users that are not staff can therefore log in.

While authenticated with this non-staff user, access to `/admin` gets redirected to `/admin/login` which shows the `Django administration` logon form. So that page (and any access to `/admin`) behaves as if the user was not authenticated. No information clarifying that ""while you are authenticated as `david`, you are unfortunately not authorized to access this page -- would you care to re-login?"" What's more, the user stays authenticated, so when they edit the location in their browser to access some non-admin site, they are back as authenticated user.

Maybe when the user is not authorized, it should be clearly spelled out on the admin login screen, giving the user a chance to logout and re-login?

I was able to reproduce this behaviour without any remote user authentication set up, even if that is eventually the environment where I'd like the authentication to also work.

Note: Not sure if this is more about `django.contrib.admin` or `django.contrib.auth`, filing under `contrib.admin` because there's where I can demonstrate it easily."	Cleanup/optimization	closed	contrib.admin	dev	Normal	fixed			Accepted	1	0	0	0	0	0