Skip to content

Multiple custom permissions and default_detail #6427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
6 tasks done
jbma opened this issue Jan 30, 2019 · 9 comments
Open
6 tasks done

Multiple custom permissions and default_detail #6427

jbma opened this issue Jan 30, 2019 · 9 comments
Labels
Enhancement

Comments

@jbma
Copy link

jbma commented Jan 30, 2019
edited
Loading

Checklist

  • I have verified that that issue exists against the master branch of Django REST framework.
  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • This is not a usage question. (Those should be directed to the discussion group instead.)
  • This cannot be dealt with as a third party library. (We prefer new functionality to be in the form of third party libraries where possible.)
  • I have reduced the issue to the simplest possible case.
  • I have included a failing test as a pull request. (If you are unable to do so we can still accept the issue.)

Steps to reproduce

I've two custom permissions :

class PermissionA(permissions.BasePermission):
    message = "Custom Message A"

    def has_permission(self, request, view):
        return False


class PermissionB(permissions.BasePermission):
    message = "Custom Message B"

    def has_permission(self, request, view):
        return False

They are added into a view like that: permission_classes = (PermissionA&PermissionB,)

Expected behavior

The view should displays "Custom Message A"

Actual behavior

The view displays "You do not have permission to perform this action."
As soon as I change the permission_classes to PermissionA or PermissionBthe custom message is displayed
@carltongibson
Copy link
Collaborator

Hi @jbma. Thanks for the report.

The issue here is that rest_framework.permissions.AND and OR and so-on have no message attribute:

>>> from rest_framework import permissions
>>> p = permissions.AllowAny & permissions.AllowAny
>>> p().message
AttributeError                            Traceback (most recent call last)
...
AttributeError: 'AND' object has no attribute 'message'

I see no reason why we shouldn't be able to add a property that pulled the message from the composed permissions, following the usual short-circuiting rules for boolean logic. (Tests and docs.)

@jbma
Copy link
Author

jbma commented Feb 5, 2019

Hi, thank's for the feedback 🙌

This was referenced Mar 8, 2019
Closed
Closed
@alexei-alexov
Copy link

Hi, any updates on this issue? Maybe you have any implementation ideas?

@Riccardo-Maio
Copy link

#6502 Looks like it's been sitting for a while, any plans on pushing it through? Would love to have this issue fixed.

@stale
Copy link

stale bot commented Apr 18, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 18, 2022
@stale stale bot removed the stale label May 1, 2022
@stale
Copy link

stale bot commented Aug 13, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Aug 13, 2022
@auvipy auvipy removed the stale label Jan 5, 2023
@auvipy auvipy added this to the 3.15 milestone Jan 19, 2023
@stale
Copy link

stale bot commented Apr 2, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 2, 2023
@auvipy auvipy removed the stale label Apr 3, 2023
@auvipy auvipy removed this from the 3.15 milestone Jul 11, 2023
@last-partizan last-partizan mentioned this issue Feb 10, 2025
Closed
@tomchristie
Copy link
Member

A reasonable approach here would be to undocument combining permission classes, comment them as informally deprecated.

@stale Stale
Copy link

stale bot commented Apr 26, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 26, 2025
@auvipy auvipy removed the stale label Apr 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@carltongibson @tomchristie @jbma @auvipy @alexei-alexov @Riccardo-Maio