ensure permission erros knock through

This commit is contained in:
Matthias Mair 2026-06-24 01:09:38 +02:00
parent f8a396734d
commit 3c1b82d171
No known key found for this signature in database
GPG Key ID: A593429DDA23B66A
3 changed files with 9 additions and 2 deletions

View File

@ -8,7 +8,7 @@ from typing import Any, Optional
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.fields import GenericRelation
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied, ValidationError
from django.core.exceptions import ValidationError
from django.db import models, transaction
from django.db.models import QuerySet
from django.db.models.signals import post_save
@ -23,6 +23,7 @@ from django_q.models import Task
from error_report.models import Error
from mptt.exceptions import InvalidMove
from mptt.models import MPTTModel, TreeForeignKey
from rest_framework.exceptions import PermissionDenied
from stdimage.models import StdImageField
from taggit.managers import TaggableManager

View File

@ -154,6 +154,8 @@ class BarcodeView(CreateAPIView):
for current_plugin in plugins:
try:
result = current_plugin.scan(barcode, user=request.user, **kwargs)
except PermissionDenied as exc:
raise exc
except Exception:
log_error('BarcodeView.scan_barcode', plugin=current_plugin.slug)
continue

View File

@ -345,10 +345,14 @@ class SOAllocateTest(InvenTreeAPITestCase):
# Test with barcode which points to a *part* instance
item.part.assign_barcode(barcode_data='abcde')
# missing permission for viewing the part - error
self.postBarcode('abcde', sales_order=self.sales_order.pk, expected_code=403)
# Add part.view role and test again
self.assignRole('part.view')
result = self.postBarcode(
'abcde', sales_order=self.sales_order.pk, expected_code=400
)
self.assertIn('does not match an existing stock item', str(result['error']))
def test_submit(self):