[Django] #30135: PermissionDenied Exception not catched

[Django]

#30135: PermissionDenied Exception not catched
---------------------------------------------+------------------------
Reporter: HamburgerJungeJr | Owner: nobody
Type: Bug | Status: new
Component: Testing framework | Version: 2.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------------+------------------------
I'm using the testclient to verfiy that only users with proper permissions
can access a view.

Until Django 2.0.10 I could use the following like it is described in the
documentation
(https://docs.djangoproject.com/en/2.0/topics/testing/tools/#exceptions)

{{{
class ReportTestMethods(TestCase):
def setUp(self):
# Create user
user = User.objects.create_user('temp', 'te...@temp.tld',
'temppass')
user.first_name = 'temp_first'
user.last_name = 'temp_last'
user.save()

# login with user
self.client.login(username='temp', password='temppass')

# Create tempdir
temp_dir = mkdtemp()
settings.MEDIA_ROOT = temp_dir

# Create report
report = Report.objects.create(name='test', model='MEM',
jsonql_query='members', report=SimpleUploadedFile('report.jrxml',
bytes('Test', 'utf-8')))
report.save()

def test_report_list_permission(self):
"User should only access report list if view permission is set"

user = User.objects.get(username='temp')

response = self.client.get(reverse('reporting:list'))
print(response.status_code)
self.assertEqual(response.status_code, 403)

user.user_permissions.add(Permission.objects.get(codename='view_report'))

response = self.client.get(reverse('reporting:list'))
self.assertEqual(response.status_code, 200)
}}}

After updating to 2.1 the test raises the following exception
{{{
Creating test database for alias 'default'...
System check identified no issues (0 silenced).
WARNING:django.request:Forbidden (Permission denied): /de/reporting/
Traceback (most recent call last):
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/core/handlers/base.py", line 126, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/core/handlers/base.py", line 124, in _get_response
response = wrapped_callback(request, *callback_args,
**callback_kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/contrib/auth/mixins.py", line 84, in dispatch
return self.handle_no_permission()
File "/home/***/.virtualenvs/pyVerein/lib/python3.6/site-
packages/django/contrib/auth/mixins.py", line 43, in handle_no_permission
raise PermissionDenied(self.get_permission_denied_message())
django.core.exceptions.PermissionDenied
403
.
}}}
The documentation still states that PermissionDenied exception will not be
visible to the client.
(https://docs.djangoproject.com/en/2.1/topics/testing/tools/#exceptions)

--
Ticket URL: <https://code.djangoproject.com/ticket/30135>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#30135: PermissionDenied Exception not catched

-----------------------------------+--------------------------------------

Reporter: HamburgerJungeJr | Owner: nobody
Type: Bug | Status: new
Component: Testing framework | Version: 2.1

Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-----------------------------------+--------------------------------------

Comment (by Tim Graham):

It looks to me like the test is passing but the logging is being
displayed. It would be nice to have a sample project that reproduces the
issue. Django may not be at fault.

--
Ticket URL: <https://code.djangoproject.com/ticket/30135#comment:1>

[Django]

#30135: PermissionDenied Exception not catched

-----------------------------------+--------------------------------------

Reporter: HamburgerJungeJr | Owner: nobody
Type: Bug | Status: new
Component: Testing framework | Version: 2.1

Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-----------------------------------+--------------------------------------

Comment (by HamburgerJungeJr):

You are right. I just found that the PyReportJasper-package sets the
global logging level to INFO.

--
Ticket URL: <https://code.djangoproject.com/ticket/30135#comment:2>

[Django]

#30135: PermissionDenied Exception not catched

-----------------------------------+--------------------------------------
Reporter: HamburgerJungeJr | Owner: nobody
Type: Bug | Status: closed

Component: Testing framework | Version: 2.1

Severity: Normal | Resolution: invalid

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-----------------------------------+--------------------------------------
Changes (by HamburgerJungeJr):

* status: new => closed
* resolution: => invalid

--
Ticket URL: <https://code.djangoproject.com/ticket/30135#comment:3>