Opened 6 years ago

Closed 6 years ago

#30135 closed Bug (invalid)

PermissionDenied Exception not catched

Reported by: HamburgerJungeJr Owned by: nobody
Component: Testing framework Version: 2.1
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I'm using the testclient to verfiy that only users with proper permissions can access a view.

Until Django 2.0.10 I could use the following like it is described in the documentation (https://docs.djangoproject.com/en/2.0/topics/testing/tools/#exceptions)

class ReportTestMethods(TestCase):
    def setUp(self):
        # Create user
        user = User.objects.create_user('temp', 'temp@temp.tld', 'temppass')
        user.first_name = 'temp_first'
        user.last_name = 'temp_last'
        user.save()

        # login with user
        self.client.login(username='temp', password='temppass')

        # Create tempdir
        temp_dir = mkdtemp()
        settings.MEDIA_ROOT = temp_dir

        # Create report
        report = Report.objects.create(name='test', model='MEM', jsonql_query='members', report=SimpleUploadedFile('report.jrxml', bytes('Test', 'utf-8')))
        report.save()

    def test_report_list_permission(self):
        "User should only access report list if view permission is set"

        user = User.objects.get(username='temp')    
        
        response = self.client.get(reverse('reporting:list'))
        print(response.status_code)
        self.assertEqual(response.status_code, 403)

        user.user_permissions.add(Permission.objects.get(codename='view_report'))

        response = self.client.get(reverse('reporting:list'))
        self.assertEqual(response.status_code, 200)

After updating to 2.1 the test raises the following exception

Creating test database for alias 'default'...
System check identified no issues (0 silenced).
WARNING:django.request:Forbidden (Permission denied): /de/reporting/
Traceback (most recent call last):
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response
    response = self.process_exception_by_middleware(e, request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/base.py", line 124, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch
    return super().dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 84, in dispatch
    return self.handle_no_permission()
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 43, in handle_no_permission
    raise PermissionDenied(self.get_permission_denied_message())
django.core.exceptions.PermissionDenied
403
.

The documentation still states that PermissionDenied exception will not be visible to the client. (https://docs.djangoproject.com/en/2.1/topics/testing/tools/#exceptions)

Change History (3)

comment:1 by Tim Graham, 6 years ago

It looks to me like the test is passing but the logging is being displayed. It would be nice to have a sample project that reproduces the issue. Django may not be at fault.

comment:2 by HamburgerJungeJr, 6 years ago

You are right. I just found that the PyReportJasper-package sets the global logging level to INFO.

comment:3 by HamburgerJungeJr, 6 years ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.
Back to Top