Skip to content

D
django-rest-framework
Commit 95380f77 by José Padilla Committed by GitHub
Options

Merge pull request #4928 from tdruez/patch-1 

Added a failing test for #4927
parents 51b6a5cd d616c159
Showing with 23 additions and 0 deletions
rest_framework/permissions.py
...@@ -5,6 +5,7 @@ from __future__ import unicode_literals ...@@ -5,6 +5,7 @@ from __future__ import unicode_literals
from django.http import Http404 from django.http import Http404
from rest_framework import exceptions
from rest_framework.compat import is_authenticated from rest_framework.compat import is_authenticated
...@@ -108,6 +109,10 @@ class DjangoModelPermissions(BasePermission): ...@@ -108,6 +109,10 @@ class DjangoModelPermissions(BasePermission):
'app_label': model_cls._meta.app_label, 'app_label': model_cls._meta.app_label,
'model_name': model_cls._meta.model_name 'model_name': model_cls._meta.model_name
} }
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view): def has_permission(self, request, view):
...@@ -169,6 +174,10 @@ class DjangoObjectPermissions(DjangoModelPermissions): ...@@ -169,6 +174,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
'app_label': model_cls._meta.app_label, 'app_label': model_cls._meta.app_label,
'model_name': model_cls._meta.model_name 'model_name': model_cls._meta.model_name
} }
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
......
tests/test_permissions.py
...@@ -200,6 +200,15 @@ class ModelPermissionsIntegrationTests(TestCase): ...@@ -200,6 +200,15 @@ class ModelPermissionsIntegrationTests(TestCase):
response = empty_list_view(request, pk=1) response = empty_list_view(request, pk=1)
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_calling_method_not_allowed(self):
request = factory.generic('METHOD_NOT_ALLOWED', '/')
response = root_view(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
request = factory.generic('METHOD_NOT_ALLOWED', '/1')
response = instance_view(request, pk='1')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class BasicPermModel(models.Model): class BasicPermModel(models.Model):
text = models.CharField(max_length=100) text = models.CharField(max_length=100)
...@@ -384,6 +393,11 @@ class ObjectPermissionsIntegrationTests(TestCase): ...@@ -384,6 +393,11 @@ class ObjectPermissionsIntegrationTests(TestCase):
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertListEqual(response.data, []) self.assertListEqual(response.data, [])
def test_cannot_method_not_allowed(self):
request = factory.generic('METHOD_NOT_ALLOWED', '/')
response = object_permissions_list_view(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class BasicPerm(permissions.BasePermission): class BasicPerm(permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment