encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-08 06:14:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Skipped the object permission check for a list_route decorated view with a PUT method

Browse Source
This commit is contained in:
Peter Malmgren 2015-10-23 15:44:35 -04:00
parent af5474f9b3
commit 95714730f9
2 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rest_framework/metadata.py
View File

@ -85,7 +85,11 @@ class SimpleMetadata(BaseMetadata):
view.check_permissions(view.request) view.check_permissions(view.request)
# Test object permissions # Test object permissions
if method == 'PUT' and hasattr(view, 'get_object'): if method == 'PUT' and hasattr(view, 'get_object'):
view.get_object() # List/Detail views add a .detail property to the view function.
# If the view is a list view, detail will be False, and this
# check should be skipped.
if getattr(view.put, 'detail', True):
view.get_object()
except (exceptions.APIException, PermissionDenied, Http404): except (exceptions.APIException, PermissionDenied, Http404):
pass pass
else: else:

40
tests/test_metadata.py
View File

@ -5,8 +5,9 @@ from django.db import models
from django.test import TestCase from django.test import TestCase
from rest_framework import ( from rest_framework import (
exceptions, metadata, serializers, status, versioning, views exceptions, metadata, serializers, status, versioning, views, viewsets
) )
from rest_framework.decorators import list_route
from rest_framework.renderers import BrowsableAPIRenderer from rest_framework.renderers import BrowsableAPIRenderer
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.test import APIRequestFactory from rest_framework.test import APIRequestFactory
@ -266,6 +267,43 @@ class TestMetadata:
field_info = options.get_field_info(serializers.NullBooleanField()) field_info = options.get_field_info(serializers.NullBooleanField())
assert field_info['type'] == 'boolean' assert field_info['type'] == 'boolean'
def test_bug_3356_list_route_metadata(self):
class Example(models.Model):
dummy_field = models.CharField(max_length=64, default='')
class ExampleSerializer(serializers.Serializer):
class Meta:
model = Example
class ListRouteViewSet(viewsets.ModelViewSet):
serializer_class = ExampleSerializer
queryset = Example.objects.all()
@list_route(methods=['GET', 'PUT'])
def put_route(self, request):
return
put_view = ListRouteViewSet.as_view(actions={'put': 'put_route'})
response = put_view(request)
expected = {
'name': 'List Route',
'description': '',
'renders': [
'application/json',
'text/html'
],
'parses': [
'application/json',
'application/x-www-form-urlencoded',
'multipart/form-data'
],
'actions': {
'PUT': {}
}
}
assert response.data == expected
class TestModelSerializerMetadata(TestCase): class TestModelSerializerMetadata(TestCase):
def test_read_only_primary_key_related_field(self): def test_read_only_primary_key_related_field(self):