test(django): Add tests for permission denied handling (#482)

* test(django): Add tests for permission denied handling

* fix: Skip drf test when drf not installed

tests/integrations/django/myapp/urls.py

@@ -35,6 +35,11 @@
     path("classbased", views.ClassBasedView.as_view(), name="classbased"),
     path("post-echo", views.post_echo, name="post_echo"),
     path("template-exc", views.template_exc, name="template_exc"),
+    path(
+        "permission-denied-exc",
+        views.permission_denied_exc,
+        name="permission_denied_exc",
+    ),
 ]
 
 
@@ -50,6 +55,13 @@
         )
     )
     urlpatterns.append(path("rest-hello", views.rest_hello, name="rest_hello"))
+    urlpatterns.append(
+        path(
+            "rest-permission-denied-exc",
+            views.rest_permission_denied_exc,
+            name="rest_permission_denied_exc",
+        )
+    )
 except AttributeError:
     pass
 

tests/integrations/django/myapp/views.py

@@ -1,5 +1,6 @@
 from django.contrib.auth import login
 from django.contrib.auth.models import User
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponse, HttpResponseServerError, HttpResponseNotFound
 from django.shortcuts import render
 from django.views.generic import ListView
@@ -20,6 +21,10 @@ def rest_framework_read_body_and_exc(request):
     def rest_hello(request):
         return HttpResponse("ok")
 
+    @api_view(["GET"])
+    def rest_permission_denied_exc(request):
+        raise PermissionDenied("bye")
+
 
 except ImportError:
     pass
@@ -73,3 +78,7 @@ def handler404(*args, **kwargs):
 
 def template_exc(request, *args, **kwargs):
     return render(request, "error.html")
+
+
+def permission_denied_exc(*args, **kwargs):
+    raise PermissionDenied("bye")

tests/integrations/django/test_basic.py

@@ -479,3 +479,19 @@ def test_rest_framework_basic(
     assert event["exception"]["values"][0]["mechanism"]["type"] == "django"
 
     assert event["request"] == event_request(route)
+
+
+@pytest.mark.parametrize(
+    "endpoint", ["rest_permission_denied_exc", "permission_denied_exc"]
+)
+def test_does_not_capture_403(sentry_init, client, capture_events, endpoint):
+    if endpoint == "rest_permission_denied_exc":
+        pytest.importorskip("rest_framework")
+
+    sentry_init(integrations=[DjangoIntegration()])
+    events = capture_events()
+
+    _content, status, _headers = client.get(reverse(endpoint))
+    assert status.lower() == "403 forbidden"
+
+    assert not events