#30135: PermissionDenied Exception not catched
---------------------------------------------+------------------------
Reporter: HamburgerJungeJr | Owner: nobody
Type: Bug | Status: new
Component: Testing framework | Version: 2.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------------+------------------------
I'm using the testclient to verfiy that only users with proper permissions
can access a view.
Until Django 2.0.10 I could use the following like it is described in the
documentation
(https://docs.djangoproject.com/en/2.0/topics/testing/tools/#exceptions)
{{{
class ReportTestMethods(TestCase):
def setUp(self):
# Create user
user = User.objects.create_user('temp', '[email protected]',
'temppass')
user.first_name = 'temp_first'
user.last_name = 'temp_last'
user.save()
# login with user
self.client.login(username='temp', password='temppass')
# Create tempdir
temp_dir = mkdtemp()
settings.MEDIA_ROOT = temp_dir
# Create report
report = Report.objects.create(name='test', model='MEM',
jsonql_query='members', report=SimpleUploadedFile('report.jrxml',
bytes('Test', 'utf-8')))
report.save()
def test_report_list_permission(self):
"User should only access report list if view permission is set"
user = User.objects.get(username='temp')
response = self.client.get(reverse('reporting:list'))
print(response.status_code)
self.assertEqual(response.status_code, 403)
user.user_permissions.add(Permission.objects.get(codename='view_report'))
response = self.client.get(reverse('reporting:list'))
self.assertEqual(response.status_code, 200)
}}}
After updating to 2.1 the test raises the following exception
{{{
Creating test database for alias 'default'...
System check identified no issues (0 silenced).
WARNING:django.request:Forbidden (Permission denied): /de/reporting/
Traceback (most recent call last):
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/core/handlers/base.py", line 126, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/core/handlers/base.py", line 124, in _get_response
response = wrapped_callback(request, *callback_args,
**callback_kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/contrib/auth/mixins.py", line 84, in dispatch
return self.handle_no_permission()
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/contrib/auth/mixins.py", line 43, in handle_no_permission
raise PermissionDenied(self.get_permission_denied_message())
django.core.exceptions.PermissionDenied
403
.
}}}
The documentation still states that PermissionDenied exception will not be
visible to the client.
(https://docs.djangoproject.com/en/2.1/topics/testing/tools/#exceptions)
--
Ticket URL: <https://code.djangoproject.com/ticket/30135>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/059.6eea5afbf12c428ae836c3230fe99ce5%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
