Multiple custom permissions and default_detail

[jbma]

Checklist

• I have verified that that issue exists against the master branch of Django REST framework.
• I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
• This is not a usage question. (Those should be directed to the discussion group instead.)
• This cannot be dealt with as a third party library. (We prefer new functionality to be in the form of third party libraries where possible.)
• I have reduced the issue to the simplest possible case.
• I have included a failing test as a pull request. (If you are unable to do so we can still accept the issue.)

Steps to reproduce

I've two custom permissions :

class PermissionA(permissions.BasePermission):
    message = "Custom Message A"

    def has_permission(self, request, view):
        return False

class PermissionB(permissions.BasePermission):
    message = "Custom Message B"

    def has_permission(self, request, view):
        return False

They are added into a view like that: permission_classes = (PermissionA&PermissionB,)

Expected behavior

The view should displays "Custom Message A"

Actual behavior

The view displays "You do not have permission to perform this action."
As soon as I change the permission_classes to PermissionA or PermissionBthe custom message is displayed

[carltongibson]

Hi @jbma. Thanks for the report.

The issue here is that rest_framework.permissions.AND and OR and so-on have no message attribute:

>>> from rest_framework import permissions
>>> p = permissions.AllowAny & permissions.AllowAny
>>> p().message
AttributeError                            Traceback (most recent call last)
...
AttributeError: 'AND' object has no attribute 'message'

I see no reason why we shouldn't be able to add a property that pulled the message from the composed permissions, following the usual short-circuiting rules for boolean logic. (Tests and docs.)

[jbma]

Hi, thank's for the feedback 🙌

[alexei-alexov]

Hi, any updates on this issue? Maybe you have any implementation ideas?

[Riccardo-Maio]

#6502 Looks like it's been sitting for a while, any plans on pushing it through? Would love to have this issue fixed.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.