Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise ValueError on string or non-iterable perm_list.

1 files changed, 14 insertions, 0 deletions

diff --git a/tests/auth_tests/test_auth_backends.py b/tests/auth_tests/test_auth_backends.py
index d01d0b6526..d1471466d7 100644
--- a/tests/auth_tests/test_auth_backends.py
+++ b/tests/auth_tests/test_auth_backends.py
@@ -53,6 +53,13 @@ class BaseBackendTest(TestCase):
         self.assertIs(self.user.has_perm('group_perm'), True)
         self.assertIs(self.user.has_perm('other_perm', TestObj()), False)
 
+    def test_has_perms_perm_list_invalid(self):
+        msg = 'perm_list must be an iterable of permissions.'
+        with self.assertRaisesMessage(ValueError, msg):
+            self.user.has_perms('user_perm')
+        with self.assertRaisesMessage(ValueError, msg):
+            self.user.has_perms(object())
+
 
 class CountingMD5PasswordHasher(MD5PasswordHasher):
     """Hasher that counts how many times it computes a hash."""
@@ -476,6 +483,13 @@ class AnonymousUserBackendTest(SimpleTestCase):
         self.assertIs(self.user1.has_perms(['anon'], TestObj()), True)
         self.assertIs(self.user1.has_perms(['anon', 'perm'], TestObj()), False)
 
+    def test_has_perms_perm_list_invalid(self):
+        msg = 'perm_list must be an iterable of permissions.'
+        with self.assertRaisesMessage(ValueError, msg):
+            self.user1.has_perms('perm')
+        with self.assertRaisesMessage(ValueError, msg):
+            self.user1.has_perms(object())
+
     def test_has_module_perms(self):
         self.assertIs(self.user1.has_module_perms("app1"), True)
         self.assertIs(self.user1.has_module_perms("app2"), False)