search

AACEngineering / django-permissions-auditor

Tool to audit access control on your django app.
https://django-permissions-auditor.readthedocs.io/en/latest/
MIT License
20 stars 4 forks source link

Exception if <str:permission> is invalid #4

Closed jayvdb closed 4 years ago

jayvdb commented 4 years ago

Using django-smoke-tests, I get the following error. It is obviously sending the wrong URL parameter, but permissions-auditor should handle this a bit better, e.g. even replying with a 404 if it couldnt decode its parameter.

ERROR: test_smoke_GET_admin/permissions_auditor/view/<str:permission>/ (django_smoke_tests.tests.SmokeTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/django_smoke_tests/generator.py", line 90, in test
    response = http_method_function(url, {})
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 518, in get
    response = super().get(path, data=data, secure=secure, **extra)
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 344, in get
    return self.generic('GET', path, secure=secure, **{
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 421, in generic
    return self.request(**r)
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 496, in request
    raise exc_value
  File "/usr/lib/python3.8/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/usr/lib/python3.8/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/lib/python3.8/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/lib/python3.8/site-packages/django/utils/decorators.py", line 130, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/django/contrib/admin/sites.py", line 231, in inner
    return view(request, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/permissions_auditor/admin.py", line 76, in permission_detail
    obj = self.get_object(request, permission)
  File "/usr/lib/python3.8/site-packages/permissions_auditor/admin.py", line 52, in get_object
    app_label, codename = permission.split('.')
ValueError: not enough values to unpack (expected 2, got 1)
kluchrj commented 4 years ago

Thanks, looks like that exception wasn't being caught properly. It should behave how the admin normally does when looking up an object that doesn't exist.