encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-04-26 20:13:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4928 from tdruez/patch-1

Browse Source 
Added a failing test for #4927
This commit is contained in:
José Padilla 2017-03-01 08:52:27 -05:00 committed by GitHub
commit 95380f7717
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
rest_framework/permissions.py
View File

@ -5,6 +5,7 @@ from __future__ import unicode_literals
from django.http import Http404 from django.http import Http404
from rest_framework import exceptions
from rest_framework.compat import is_authenticated from rest_framework.compat import is_authenticated
@ -108,6 +109,10 @@ class DjangoModelPermissions(BasePermission):
'app_label': model_cls._meta.app_label, 'app_label': model_cls._meta.app_label,
'model_name': model_cls._meta.model_name 'model_name': model_cls._meta.model_name
} }
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view): def has_permission(self, request, view):
@ -169,6 +174,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
'app_label': model_cls._meta.app_label, 'app_label': model_cls._meta.app_label,
'model_name': model_cls._meta.model_name 'model_name': model_cls._meta.model_name
} }
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):

14
tests/test_permissions.py
View File

@ -200,6 +200,15 @@ class ModelPermissionsIntegrationTests(TestCase):
response = empty_list_view(request, pk=1) response = empty_list_view(request, pk=1)
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_calling_method_not_allowed(self):
request = factory.generic('METHOD_NOT_ALLOWED', '/')
response = root_view(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
request = factory.generic('METHOD_NOT_ALLOWED', '/1')
response = instance_view(request, pk='1')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class BasicPermModel(models.Model): class BasicPermModel(models.Model):
text = models.CharField(max_length=100) text = models.CharField(max_length=100)
@ -384,6 +393,11 @@ class ObjectPermissionsIntegrationTests(TestCase):
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertListEqual(response.data, []) self.assertListEqual(response.data, [])
def test_cannot_method_not_allowed(self):
request = factory.generic('METHOD_NOT_ALLOWED', '/')
response = object_permissions_list_view(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class BasicPerm(permissions.BasePermission): class BasicPerm(permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):