Ensure Django{Model,Object}Permissions don't hide exceptions.

Quietly catching `AttributeError` and `TypeError` when calling `get_queryset()` is rather insidious, as those exceptions get caught no matter where they might happen in the call stack.
2024-11-22 09:36:49 +03:00 · 2015-11-24 14:44:00 +02:00 · 2015-11-24 14:44:00 +02:00 · 69688289ce
commit 69688289ce
parent 200dda91ac
1 changed files with 8 additions and 8 deletions
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@ -112,15 +112,15 @@ class DjangoModelPermissions(BasePermission):
        if getattr(view, '_ignore_model_permissions', False):
            return True

-        try:
+        if hasattr(view, 'get_queryset'):
            queryset = view.get_queryset()
-        except AttributeError:
+        else:
            queryset = getattr(view, 'queryset', None)

        assert queryset is not None, (
            'Cannot apply DjangoModelPermissions on a view that '
-            'does not have `.queryset` property or overrides the '
-            '`.get_queryset()` method.')
+            'does not set `.queryset` or have a `.get_queryset()` method.'
+        )

        perms = self.get_required_permissions(request.method, queryset.model)

@ -169,15 +169,15 @@ class DjangoObjectPermissions(DjangoModelPermissions):
        return [perm % kwargs for perm in self.perms_map[method]]

    def has_object_permission(self, request, view, obj):
-        try:
+        if hasattr(view, 'get_queryset'):
            queryset = view.get_queryset()
-        except AttributeError:
+        else:
            queryset = getattr(view, 'queryset', None)

        assert queryset is not None, (
            'Cannot apply DjangoObjectPermissions on a view that '
-            'does not have `.queryset` property or overrides the '
-            '`.get_queryset()` method.')
+            'does not set `.queryset` or have a `.get_queryset()` method.'
+        )

        model_cls = queryset.model
        user = request.user