Removing 403 immediate response

2025-10-31 07:57:55 +03:00 · 2012-08-25 13:43:28 +01:00 · 2012-08-25 13:43:28 +01:00 · 1c28562397
commit 1c28562397
parent 26831df88e
3 changed files with 29 additions and 17 deletions
--- a/djangorestframework/exceptions.py
+++ b/djangorestframework/exceptions.py
@ -1,3 +1,22 @@
+from djangorestframework import status
+
+
 class ParseError(Exception):
-    def __init__(self, detail):
-        self.detail = detail
+    status_code = status.HTTP_400_BAD_REQUEST
+    default_detail = 'Malformed request'
+
+    def __init__(self, detail=None):
+        self.detail = detail or self.default_detail
+
+
+class PermissionDenied(Exception):
+    status_code = status.HTTP_403_FORBIDDEN
+    default_detail = 'You do not have permission to access this resource.'
+
+    def __init__(self, detail=None):
+        self.detail = detail or self.default_detail
+
+
+# class Throttled(Exception):
+#     def __init__(self, detail):
+#         self.detail = detail
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@ -7,6 +7,7 @@ Permission behavior is provided by mixing the :class:`mixins.PermissionsMixin` c

 from django.core.cache import cache
 from djangorestframework import status
+from djangorestframework.exceptions import PermissionDenied
 from djangorestframework.response import ImmediateResponse
 import time

@ -23,11 +24,6 @@ __all__ = (
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']


-_403_FORBIDDEN_RESPONSE = ImmediateResponse(
-    {'detail': 'You do not have permission to access this resource. ' +
-               'You may need to login or otherwise authenticate the request.'},
-    status=status.HTTP_403_FORBIDDEN)
-
 _503_SERVICE_UNAVAILABLE = ImmediateResponse(
    {'detail': 'request was throttled'},
    status=status.HTTP_503_SERVICE_UNAVAILABLE)
@ -66,7 +62,7 @@ class IsAuthenticated(BasePermission):

    def check_permission(self, user):
        if not user.is_authenticated():
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()


 class IsAdminUser(BasePermission):
@ -76,7 +72,7 @@ class IsAdminUser(BasePermission):

    def check_permission(self, user):
        if not user.is_staff:
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()


 class IsUserOrIsAnonReadOnly(BasePermission):
@ -87,7 +83,7 @@ class IsUserOrIsAnonReadOnly(BasePermission):
    def check_permission(self, user):
        if (not user.is_authenticated() and
            self.view.method not in SAFE_METHODS):
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()


 class DjangoModelPermissions(BasePermission):
@ -123,10 +119,7 @@ class DjangoModelPermissions(BasePermission):
            'app_label': model_cls._meta.app_label,
            'model_name':  model_cls._meta.module_name
        }
-        try:
-            return [perm % kwargs for perm in self.perms_map[method]]
-        except KeyError:
-            ImmediateResponse(status.HTTP_405_METHOD_NOT_ALLOWED)
+        return [perm % kwargs for perm in self.perms_map[method]]

    def check_permission(self, user):
        method = self.view.method
@ -134,7 +127,7 @@ class DjangoModelPermissions(BasePermission):
        perms = self.get_required_permissions(method, model_cls)

        if not user.is_authenticated or not user.has_perms(perms):
-            raise _403_FORBIDDEN_RESPONSE
+            raise PermissionDenied()


 class BaseThrottle(BasePermission):
--- a/djangorestframework/views.py
+++ b/djangorestframework/views.py
@ -249,8 +249,8 @@ class View(DjangoView):

        except ImmediateResponse, exc:
            response = exc.response
-        except exceptions.ParseError as exc:
-            response = Response({'detail': exc.detail}, status=status.HTTP_400_BAD_REQUEST)
+        except (exceptions.ParseError, exceptions.PermissionDenied) as exc:
+            response = Response({'detail': exc.detail}, status=exc.status_code)

        self.response = self.final(request, response, *args, **kwargs)
        return self.response