2 files changed, 34 insertions, 1 deletions

diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py
index 39df9017a..cef1f0fa2 100644
--- a/ishtar_common/backend.py
+++ b/ishtar_common/backend.py
@@ -36,7 +36,10 @@ class ObjectPermBackend(ModelBackend):
         if not user_obj.is_authenticated():
             return False
         if not model:
-            # let it manage by the default backend
+            if user_obj.is_staff:
+                # let it manage by the default backend
+                return super(ObjectPermBackend, self).has_perm(
+                    user_obj=user_obj, perm=perm, obj=obj)
             return False
         try:
             ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
diff --git a/ishtar_common/tests.py b/ishtar_common/tests.py
index 2bd4afef1..4596f9b5e 100644
--- a/ishtar_common/tests.py
+++ b/ishtar_common/tests.py
@@ -1172,6 +1172,36 @@ class AccessControlTest(TestCase):
             ).count(), 1
         )
 
+    def test_django_admin(self):
+        username, password = "myusername", "mypassword"
+        __, __, user = create_user(username=username, password=password)
+        user.is_superuser = False
+        user.is_staff = False
+        user.save()
+        client = Client()
+
+        url = "/admin/"
+        client.login(username=username, password=password)
+        response = client.get(url)
+        self.assertRedirects(response, "/admin/login/?next={}".format(url))
+
+        User.objects.filter(username='myusername').update(is_staff=True)
+        client.logout()
+        client.login(username=username, password=password)
+        response = client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+        url += "ishtar_common/persontype/"
+        response = client.get(url)
+        self.assertEqual(response.status_code, 403)
+
+        user.user_permissions.add(Permission.objects.get(
+            codename='change_persontype'))
+        client.logout()
+        client.login(username=username, password=password)
+        response = client.get(url)
+        self.assertEqual(response.status_code, 200)
+
 
 class UserProfileTest(TestCase):
     fixtures = OPERATION_FIXTURES