Commit 69688289 by Aarni Koskela

Ensure `Django{Model,Object}Permissions` don't hide exceptions.

Quietly catching `AttributeError` and `TypeError` when calling
`get_queryset()` is rather insidious, as those exceptions get caught no
matter where they might happen in the call stack.
parent 200dda91
...@@ -112,15 +112,15 @@ class DjangoModelPermissions(BasePermission): ...@@ -112,15 +112,15 @@ class DjangoModelPermissions(BasePermission):
if getattr(view, '_ignore_model_permissions', False): if getattr(view, '_ignore_model_permissions', False):
return True return True
try: if hasattr(view, 'get_queryset'):
queryset = view.get_queryset() queryset = view.get_queryset()
except AttributeError: else:
queryset = getattr(view, 'queryset', None) queryset = getattr(view, 'queryset', None)
assert queryset is not None, ( assert queryset is not None, (
'Cannot apply DjangoModelPermissions on a view that ' 'Cannot apply DjangoModelPermissions on a view that '
'does not have `.queryset` property or overrides the ' 'does not set `.queryset` or have a `.get_queryset()` method.'
'`.get_queryset()` method.') )
perms = self.get_required_permissions(request.method, queryset.model) perms = self.get_required_permissions(request.method, queryset.model)
...@@ -169,15 +169,15 @@ class DjangoObjectPermissions(DjangoModelPermissions): ...@@ -169,15 +169,15 @@ class DjangoObjectPermissions(DjangoModelPermissions):
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
try: if hasattr(view, 'get_queryset'):
queryset = view.get_queryset() queryset = view.get_queryset()
except AttributeError: else:
queryset = getattr(view, 'queryset', None) queryset = getattr(view, 'queryset', None)
assert queryset is not None, ( assert queryset is not None, (
'Cannot apply DjangoObjectPermissions on a view that ' 'Cannot apply DjangoObjectPermissions on a view that '
'does not have `.queryset` property or overrides the ' 'does not set `.queryset` or have a `.get_queryset()` method.'
'`.get_queryset()` method.') )
model_cls = queryset.model model_cls = queryset.model
user = request.user user = request.user
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment