Opened 6 years ago
Closed 6 years ago
#30135 closed Bug (invalid)
PermissionDenied Exception not catched
Reported by: | HamburgerJungeJr | Owned by: | nobody |
---|---|---|---|
Component: | Testing framework | Version: | 2.1 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I'm using the testclient to verfiy that only users with proper permissions can access a view.
Until Django 2.0.10 I could use the following like it is described in the documentation (https://docs.djangoproject.com/en/2.0/topics/testing/tools/#exceptions)
class ReportTestMethods(TestCase): def setUp(self): # Create user user = User.objects.create_user('temp', 'temp@temp.tld', 'temppass') user.first_name = 'temp_first' user.last_name = 'temp_last' user.save() # login with user self.client.login(username='temp', password='temppass') # Create tempdir temp_dir = mkdtemp() settings.MEDIA_ROOT = temp_dir # Create report report = Report.objects.create(name='test', model='MEM', jsonql_query='members', report=SimpleUploadedFile('report.jrxml', bytes('Test', 'utf-8'))) report.save() def test_report_list_permission(self): "User should only access report list if view permission is set" user = User.objects.get(username='temp') response = self.client.get(reverse('reporting:list')) print(response.status_code) self.assertEqual(response.status_code, 403) user.user_permissions.add(Permission.objects.get(codename='view_report')) response = self.client.get(reverse('reporting:list')) self.assertEqual(response.status_code, 200)
After updating to 2.1 the test raises the following exception
Creating test database for alias 'default'... System check identified no issues (0 silenced). WARNING:django.request:Forbidden (Permission denied): /de/reporting/ Traceback (most recent call last): File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response response = self.process_exception_by_middleware(e, request) File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/core/handlers/base.py", line 124, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/views/generic/base.py", line 68, in view return self.dispatch(request, *args, **kwargs) File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch return super().dispatch(request, *args, **kwargs) File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 84, in dispatch return self.handle_no_permission() File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 43, in handle_no_permission raise PermissionDenied(self.get_permission_denied_message()) django.core.exceptions.PermissionDenied 403 .
The documentation still states that PermissionDenied exception will not be visible to the client. (https://docs.djangoproject.com/en/2.1/topics/testing/tools/#exceptions)
Change History (3)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
You are right. I just found that the PyReportJasper-package sets the global logging level to INFO.
comment:3 by , 6 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
It looks to me like the test is passing but the logging is being displayed. It would be nice to have a sample project that reproduces the issue. Django may not be at fault.