| -rw-r--r-- | djangorestframework/exceptions.py | 23 | ||||
| -rw-r--r-- | djangorestframework/permissions.py | 19 | ||||
| -rw-r--r-- | djangorestframework/views.py | 4 |
3 files changed, 29 insertions, 17 deletions
diff --git a/djangorestframework/exceptions.py b/djangorestframework/exceptions.py index e70f55df..425b4b8f 100644 --- a/djangorestframework/exceptions.py +++ b/djangorestframework/exceptions.py @@ -1,3 +1,22 @@ +from djangorestframework import status + + class ParseError(Exception): - def __init__(self, detail): - self.detail = detail + status_code = status.HTTP_400_BAD_REQUEST + default_detail = 'Malformed request' + + def __init__(self, detail=None): + self.detail = detail or self.default_detail + + +class PermissionDenied(Exception): + status_code = status.HTTP_403_FORBIDDEN + default_detail = 'You do not have permission to access this resource.' + + def __init__(self, detail=None): + self.detail = detail or self.default_detail + + +# class Throttled(Exception): +# def __init__(self, detail): +# self.detail = detail diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py index ec008bd9..b56d8a32 100644 --- a/djangorestframework/permissions.py +++ b/djangorestframework/permissions.py @@ -7,6 +7,7 @@ Permission behavior is provided by mixing the :class:`mixins.PermissionsMixin` c from django.core.cache import cache from djangorestframework import status +from djangorestframework.exceptions import PermissionDenied from djangorestframework.response import ImmediateResponse import time @@ -23,11 +24,6 @@ __all__ = ( SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] -_403_FORBIDDEN_RESPONSE = ImmediateResponse( - {'detail': 'You do not have permission to access this resource. ' + - 'You may need to login or otherwise authenticate the request.'}, - status=status.HTTP_403_FORBIDDEN) - _503_SERVICE_UNAVAILABLE = ImmediateResponse( {'detail': 'request was throttled'}, status=status.HTTP_503_SERVICE_UNAVAILABLE) @@ -66,7 +62,7 @@ class IsAuthenticated(BasePermission): def check_permission(self, user): if not user.is_authenticated(): - raise _403_FORBIDDEN_RESPONSE + raise PermissionDenied() class IsAdminUser(BasePermission): 
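Review bot: `ParseError` and `PermissionDenied` in the exceptions.py hunk carry identical `__init__` bodies and the same `status_code`/`default_detail` contract, but nothing ties them together, so views.py has to list each class in its `except` tuple. A small shared base class holding `__init__`, with each subclass overriding only the two class attributes, would let the view catch one type and would stop a later exception from being left out of the tuple by accident. Each class also needs a one-line docstring saying that `detail` is sent to the client verbatim in the response body, since callers passing internal error text would expose it. The commented-out `Throttled` stub should be dropped or replaced by a `# TODO` that names the intended status code.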
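Review bot: In `IsAuthenticated.check_permission` an unauthenticated caller now gets the same 403 and the same text as an authenticated user who lacks rights, because the removed `_403_FORBIDDEN_RESPONSE` hint about logging in is not carried into `PermissionDenied.default_detail`. Clients can no longer tell "authenticate and retry" from "you will never be allowed". If that distinction is wanted, pass the hint here, for example `raise PermissionDenied('You may need to login or otherwise authenticate the request.')`. The same applies to the anonymous branch in the `IsUserOrIsAnonReadOnly` hunk. Whether a 401 would suit this case better depends on the authentication layer, which is not visible here.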
@@ -76,7 +72,7 @@ class IsAdminUser(BasePermission): def check_permission(self, user): if not user.is_staff: - raise _403_FORBIDDEN_RESPONSE + raise PermissionDenied() class IsUserOrIsAnonReadOnly(BasePermission): @@ -87,7 +83,7 @@ class IsUserOrIsAnonReadOnly(BasePermission): def check_permission(self, user): if (not user.is_authenticated() and self.view.method not in SAFE_METHODS): - raise _403_FORBIDDEN_RESPONSE + raise PermissionDenied() class DjangoModelPermissions(BasePermission): @@ -123,10 +119,7 @@ class DjangoModelPermissions(BasePermission): 'app_label': model_cls._meta.app_label, 'model_name': model_cls._meta.module_name } - try: - return [perm % kwargs for perm in self.perms_map[method]] - except KeyError: - ImmediateResponse(status.HTTP_405_METHOD_NOT_ALLOWED) + return [perm % kwargs for perm in self.perms_map[method]] def check_permission(self, user): method = self.view.method @@ -134,7 +127,7 @@ class DjangoModelPermissions(BasePermission): perms = self.get_required_permissions(method, model_cls) if not user.is_authenticated or not user.has_perms(perms): - raise _403_FORBIDDEN_RESPONSE + raise PermissionDenied() class BaseThrottle(BasePermission): diff --git a/djangorestframework/views.py b/djangorestframework/views.py index 41be0337..b0e23534 100644 --- a/djangorestframework/views.py +++ b/djangorestframework/views.py @@ -249,8 +249,8 @@ class View(DjangoView): except ImmediateResponse, exc: response = exc.response - except exceptions.ParseError as exc: - response = Response({'detail': exc.detail}, status=status.HTTP_400_BAD_REQUEST) + except (exceptions.ParseError, exceptions.PermissionDenied) as exc: + response = Response({'detail': exc.detail}, status=exc.status_code) self.response = self.final(request, response, *args, **kwargs) return self.response |
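Review bot: A request method missing from `perms_map` now raises a bare `KeyError` out of `get_required_permissions`. The `except` clauses visible in the views.py hunk handle only `ImmediateResponse`, `ParseError` and `PermissionDenied`, so unless something outside these lines catches it, the client gets a 500 instead of a 405. Access is still denied, and the removed handler only built an `ImmediateResponse` without raising it, so dropping it loses nothing, but the unmapped-method case still needs an explicit answer. Wrap the lookup in `try:` and add `except KeyError: raise ImmediateResponse({'detail': 'Method not allowed'}, status=status.HTTP_405_METHOD_NOT_ALLOWED)`, where the message text is only a suggestion. The function starts above the hunk.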
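Review bot: The condition in `DjangoModelPermissions.check_permission` references `user.is_authenticated` without calling it, while `IsAuthenticated` and `IsUserOrIsAnonReadOnly` in this same file call `user.is_authenticated()`. If it is a method, as those calls suggest, `not user.is_authenticated` is always False and the authentication half of the check never fires, leaving the decision entirely to `has_perms`. Since the branch directly below it is being edited, fix the condition in the same change: `if not user.is_authenticated() or not user.has_perms(perms):`. The method starts above the hunk.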
