Opened 5 years ago
Closed 5 years ago
#30135 closed Bug (invalid)
PermissionDenied Exception not catched
| Reported by: | HamburgerJungeJr | Owned by: | nobody |
|---|---|---|---|
| Component: | Testing framework | Version: | 2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I'm using the testclient to verfiy that only users with proper permissions can access a view.
Until Django 2.0.10 I could use the following like it is described in the documentation (https://docs.djangoproject.com/en/2.0/topics/testing/tools/#exceptions)
class ReportTestMethods(TestCase):
def setUp(self):
# Create user
user = User.objects.create_user('temp', 'temp@temp.tld', 'temppass')
user.first_name = 'temp_first'
user.last_name = 'temp_last'
user.save()
# login with user
self.client.login(username='temp', password='temppass')
# Create tempdir
temp_dir = mkdtemp()
settings.MEDIA_ROOT = temp_dir
# Create report
report = Report.objects.create(name='test', model='MEM', jsonql_query='members', report=SimpleUploadedFile('report.jrxml', bytes('Test', 'utf-8')))
report.save()
def test_report_list_permission(self):
"User should only access report list if view permission is set"
user = User.objects.get(username='temp')
response = self.client.get(reverse('reporting:list'))
print(response.status_code)
self.assertEqual(response.status_code, 403)
user.user_permissions.add(Permission.objects.get(codename='view_report'))
response = self.client.get(reverse('reporting:list'))
self.assertEqual(response.status_code, 200)
After updating to 2.1 the test raises the following exception
Creating test database for alias 'default'...
System check identified no issues (0 silenced).
WARNING:django.request:Forbidden (Permission denied): /de/reporting/
Traceback (most recent call last):
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/base.py", line 124, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 84, in dispatch
return self.handle_no_permission()
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 43, in handle_no_permission
raise PermissionDenied(self.get_permission_denied_message())
django.core.exceptions.PermissionDenied
403
.
The documentation still states that PermissionDenied exception will not be visible to the client. (https://docs.djangoproject.com/en/2.1/topics/testing/tools/#exceptions)
Change History (3)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
You are right. I just found that the PyReportJasper-package sets the global logging level to INFO.
comment:3 by , 5 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
It looks to me like the test is passing but the logging is being displayed. It would be nice to have a sample project that reproduces the issue. Django may not be at fault.