Ensure Django{Model,Object}Permissions don't hide exceptions.

Quietly catching `AttributeError` and `TypeError` when calling `get_queryset()` is rather insidious, as those exceptions get caught no matter where they might happen in the call stack.
JeffGuKang · Nov 27, 2015 · 6968828 · 6968828
1 parent 200dda9
commit 6968828
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
@@ -112,15 +112,15 @@ def has_permission(self, request, view):
         if getattr(view, '_ignore_model_permissions', False):
             return True
 
-        try:
+        if hasattr(view, 'get_queryset'):
             queryset = view.get_queryset()
-        except AttributeError:
+        else:
             queryset = getattr(view, 'queryset', None)
 
         assert queryset is not None, (
             'Cannot apply DjangoModelPermissions on a view that '
-            'does not have `.queryset` property or overrides the '
-            '`.get_queryset()` method.')
+            'does not set `.queryset` or have a `.get_queryset()` method.'
+        )
 
         perms = self.get_required_permissions(request.method, queryset.model)
 
@@ -169,15 +169,15 @@ def get_required_object_permissions(self, method, model_cls):
         return [perm % kwargs for perm in self.perms_map[method]]
 
     def has_object_permission(self, request, view, obj):
-        try:
+        if hasattr(view, 'get_queryset'):
             queryset = view.get_queryset()
-        except AttributeError:
+        else:
             queryset = getattr(view, 'queryset', None)
 
         assert queryset is not None, (
             'Cannot apply DjangoObjectPermissions on a view that '
-            'does not have `.queryset` property or overrides the '
-            '`.get_queryset()` method.')
+            'does not set `.queryset` or have a `.get_queryset()` method.'
+        )
 
         model_cls = queryset.model
         user = request.user