Opened 8 days ago

Closed 7 days ago

#36576 closed New feature (duplicate)

/admin/logout/ requires having admin access

Reported by: Alex Dehnert
Owned by:
Component: contrib.auth
Version: 5.1
Severity: Normal
Keywords:
Cc: Alex Dehnert
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

If I visit /admin/logout/ while logged in as a user that doesn't have admin/staff access, I'm redirected to /admin/ and then to /admin/login/, *without* being logged out of my existing user. This feels like a bug, for several reasons:

  • If I don't have permission to access /admin/logout/ for some reason, shouldn't I get told that, not just redirected to a login screen and left to guess?
  • The docstring for logout() says "This should *not* assume the user is already logged in.", which isn't quite the same as "should log you out regardless of what user you are" but sorta hints in that direction to me.
  • The release notes for 4.1 suggest using admin:logout to log out, without any caveats about "all your users need to be staff" (my instinct is the recommendation should be logout not admin:logout regardless -- #36575 -- but it still suggests that this behavior is unexpected).

I looked briefly and didn't understand *how* /admin/logout/ requires admin access; I'm mildly suspicious of the @login_not_required decorator on `login` but I don't know if that's actually relevant.

Change History (1)

comment:1 by Sarah Boyce, 7 days ago

Resolution: duplicate
Status: new → closed
Summary: /admin/logout/ requires being having admin access → /admin/logout/ requires having admin access
Type: Uncategorized → New feature

Thank you for the report.
This appears, in essence, to be a duplicate of #34022 (see the ticket discussion and PR https://github.com/django/django/pull/16073#issuecomment-1250690063).
That ticket is classed as a "New Feature" as it's requesting a change of behavior, and needs community discussion to be accepted. To do that, please raise this on the new feature tracker.
Note that this behavior was introduced in #159 and is tested (see 03eeb020a00dedba2594326bd606d8b41d51e80f).
