django-ninja-extra

ValidationErrors are raised before Permission errors [Low Priority]

Open bmwirth09 opened this issue 11 months ago • 6 comments

Hi,

So it seems like request data is validated before permission errors. Not a big deal... mostly ran into it via automated testing, but I think it makes most sense to raise the permission error in a case where someone isn't allowed to do something.

A potential strange use case would be:

  • someone fills out a form for an action they aren't permitted to do
  • someone submits a form without required fields (like a text field)
  • only after they correct the form errors are they notified if they aren't permitted to do the action

If you're already checking this preemptively on the frontend, not really an issue... but I'm sure it'll trip someone up :)

bmwirth09, Mar 17 '24 05:03

@bmwirth09 yes, that's true. Permissions are executed after Django Ninja has parsed the requested data. But I am thinking right now that permissions should be executed before request validation.

I will look into this and see if there is something blocking it from not happening

eadwinCode, Mar 17 '24 10:03

Awesome. Thanks so much for all your hard work @eadwinCode, django ninja extra is great and really sold me to use django ninja at all! :)

bmwirth09, Mar 17 '24 11:03

You are welcome @bmwirth09. I am glad the library is serving its purpose.

eadwinCode, Mar 17 '24 11:03

@bmwirth09 I have looked at this and, coupled with the ninja execution pattern, it is quite difficult to run the permission before route parameter validation. The permission execution requires the instance of the controller to be created, and to create the controller object we need to create the RequestContext, which requires request parameters, and to get those, route parameter validation is executed.

eadwinCode, Apr 01 '24 06:04

I see.

Would it be possible to run the permission checks even in the case of validation failure? And prioritize the permission errors?

bmwirth09, Apr 01 '24 07:04

Sorry for replying late... If the validation fails, the permission will not be executed because a validation error will be raised.

eadwinCode, Apr 01 '24 16:04
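
The ordering discussed in this thread, as an added framework-free model (not django-ninja-extra code and not part of the original issue): it replays the reporter's scenario under the validate-first order described above and under the permission-first order requested. All names, the one-field schema and the 422/403 statuses are assumptions made for the illustration.

```python
"""Model of the ordering discussed in this issue; every name is hypothetical."""
from dataclasses import dataclass, field

REQUIRED_FIELDS = ("title",)  # constructed schema: one required text field

@dataclass
class Request:
    user_can_act: bool
    body: dict = field(default_factory=dict)

class ValidationError(Exception):
    status = 422  # assumed status for a failed request validation

class PermissionDenied(Exception):
    status = 403  # assumed status for a failed permission check

def validate(request):
    """Stand-in for request parsing: every required field must be non-empty."""
    missing = [name for name in REQUIRED_FIELDS if not request.body.get(name)]
    if missing:
        raise ValidationError(f"missing fields: {missing}")
    return dict(request.body)

def check_permission(request):
    """Stand-in for a controller permission class."""
    if not request.user_can_act:
        raise PermissionDenied("not allowed")

def handle(request, permission_first=False):
    """Return the status the caller sees under the chosen ordering."""
    try:
        if permission_first:
            check_permission(request)  # ordering the reporter asks for
            validate(request)
        else:
            validate(request)          # ordering described in the thread:
            check_permission(request)  # the controller needs parsed params first
        return 200
    except (ValidationError, PermissionDenied) as exc:
        return exc.status

def scenario(permission_first):
    """An unpermitted user submits an incomplete form, then the corrected one."""
    incomplete = Request(user_can_act=False, body={"title": ""})
    corrected = Request(user_can_act=False, body={"title": "hello"})
    return [handle(incomplete, permission_first), handle(corrected, permission_first)]
```

`scenario(False)` yields the sequence the reporter hit in automated tests; an API test suite that expects the permission error for an unpermitted caller needs to send a valid body to reach it.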