Fixed #4617 -- Added raise_exception option to permission_required decorator to be able to raise a PermissionDenied exception instead of redirecting to the login page.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-31 09:41:08 +00:00 · 2011-08-12 14:15:41 +00:00
parent 1ca6e9b9e2
commit 351d5da69b
5 changed files with 45 additions and 7 deletions
--- a/tests/modeltests/test_client/models.py
+++ b/tests/modeltests/test_client/models.py
@@ -370,6 +370,21 @@ class ClientTest(TestCase):

        # TODO: Log in with right permissions and request the page again

+    def test_view_with_permissions_exception(self):
+        "Request a page that is protected with @permission_required but raises a exception"
+
+        # Get the page without logging in. Should result in 403.
+        response = self.client.get('/test_client/permission_protected_view_exception/')
+        self.assertEquals(response.status_code, 403)
+
+        # Log in
+        login = self.client.login(username='testclient', password='password')
+        self.assertTrue(login, 'Could not log in')
+
+        # Log in with wrong permissions. Should result in 403.
+        response = self.client.get('/test_client/permission_protected_view_exception/')
+        self.assertEquals(response.status_code, 403)
+
    def test_view_with_method_permissions(self):
        "Request a page that is protected with a @permission_required method"

--- a/tests/modeltests/test_client/urls.py
+++ b/tests/modeltests/test_client/urls.py
@@ -21,6 +21,7 @@ urlpatterns = patterns('',
    (r'^login_protected_method_view/$', views.login_protected_method_view),
    (r'^login_protected_view_custom_redirect/$', views.login_protected_view_changed_redirect),
    (r'^permission_protected_view/$', views.permission_protected_view),
+    (r'^permission_protected_view_exception/$', views.permission_protected_view_exception),
    (r'^permission_protected_method_view/$', views.permission_protected_method_view),
    (r'^session_view/$', views.session_view),
    (r'^broken_view/$', views.broken_view),
--- a/tests/modeltests/test_client/views.py
+++ b/tests/modeltests/test_client/views.py
@@ -143,7 +143,7 @@ def login_protected_view_changed_redirect(request):
    return HttpResponse(t.render(c))
 login_protected_view_changed_redirect = login_required(redirect_field_name="redirect_to")(login_protected_view_changed_redirect)

-def permission_protected_view(request):
+def _permission_protected_view(request):
    "A simple view that is permission protected."
    t = Template('This is a permission protected test. '
                 'Username is {{ user.username }}. '
@@ -151,7 +151,8 @@ def permission_protected_view(request):
                 name='Permissions Template')
    c = Context({'user': request.user})
    return HttpResponse(t.render(c))
-permission_protected_view = permission_required('modeltests.test_perm')(permission_protected_view)
+permission_protected_view = permission_required('modeltests.test_perm')(_permission_protected_view)
+permission_protected_view_exception = permission_required('modeltests.test_perm', raise_exception=True)(_permission_protected_view)

 class _ViewManager(object):
    @method_decorator(login_required)