Removing 403 immediate response

djangorestframework/exceptions.py

@@ -1,3 +1,22 @@
+from djangorestframework import status
+
+
 class ParseError(Exception):
-    def __init__(self, detail):
+    status_code = status.HTTP_400_BAD_REQUEST
-        self.detail = detail
+    default_detail = 'Malformed request'
+
+    def __init__(self, detail=None):
+        self.detail = detail or self.default_detail
+
+
+class PermissionDenied(Exception):
+    status_code = status.HTTP_403_FORBIDDEN
+    default_detail = 'You do not have permission to access this resource.'
+
+    def __init__(self, detail=None):
+        self.detail = detail or self.default_detail
+
+
+# class Throttled(Exception):
+#     def __init__(self, detail):
+#         self.detail = detail

djangorestframework/permissions.py

@@ -7,6 +7,7 @@ Permission behavior is provided by mixing the :class:`mixins.PermissionsMixin` c
 
 from django.core.cache import cache
 from djangorestframework import status
+from djangorestframework.exceptions import PermissionDenied
 from djangorestframework.response import ImmediateResponse
 import time
 
@@ -23,11 +24,6 @@ __all__ = (
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
 
 
-_403_FORBIDDEN_RESPONSE = ImmediateResponse(
-    {'detail': 'You do not have permission to access this resource. ' +
-               'You may need to login or otherwise authenticate the request.'},
-    status=status.HTTP_403_FORBIDDEN)
-
 _503_SERVICE_UNAVAILABLE = ImmediateResponse(
     {'detail': 'request was throttled'},
     status=status.HTTP_503_SERVICE_UNAVAILABLE)
@@ -66,7 +62,7 @@ class IsAuthenticated(BasePermission):
 
     def check_permission(self, user):
         if not user.is_authenticated():
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()
 
 
 class IsAdminUser(BasePermission):
@@ -76,7 +72,7 @@ class IsAdminUser(BasePermission):
 
     def check_permission(self, user):
         if not user.is_staff:
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()
 
 
 class IsUserOrIsAnonReadOnly(BasePermission):
@@ -87,7 +83,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
     def check_permission(self, user):
         if (not user.is_authenticated() and
             self.view.method not in SAFE_METHODS):
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()
 
 
 class DjangoModelPermissions(BasePermission):
@@ -123,10 +119,7 @@ class DjangoModelPermissions(BasePermission):
             'app_label': model_cls._meta.app_label,
             'model_name':  model_cls._meta.module_name
         }
-        try:
+        return [perm % kwargs for perm in self.perms_map[method]]
-            return [perm % kwargs for perm in self.perms_map[method]]
-        except KeyError:
-            ImmediateResponse(status.HTTP_405_METHOD_NOT_ALLOWED)
 
     def check_permission(self, user):
         method = self.view.method
@@ -134,7 +127,7 @@ class DjangoModelPermissions(BasePermission):
         perms = self.get_required_permissions(method, model_cls)
 
         if not user.is_authenticated or not user.has_perms(perms):
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()
 
 
 class BaseThrottle(BasePermission):

djangorestframework/views.py

@@ -249,8 +249,8 @@ class View(DjangoView):
 
         except ImmediateResponse, exc:
             response = exc.response
-        except exceptions.ParseError as exc:
+        except (exceptions.ParseError, exceptions.PermissionDenied) as exc:
-            response = Response({'detail': exc.detail}, status=status.HTTP_400_BAD_REQUEST)
+            response = Response({'detail': exc.detail}, status=exc.status_code)
 
         self.response = self.final(request, response, *args, **kwargs)
         return self.response