django shows 500 error instead of 403 error

Question

I was trying to write custom error pages and got this issue, when a user is not authenticated and tries to visit a specific webpage I returned PermissionDenied() handler to show a 403(expected by me) but, django shows a 500 error instead. How do I show a 403 error in this case?

My urls.py:

handler404 = 'error.views.error_404'
handler403 = 'error.views.error_403'
handler500 = 'error.views.error_500'
handler400 = 'error.views.error_400'

My views.py to authenticate the user:

if request.user.is_authenticated():
    return render(request,"app/index.html")
else:
    return PermissionDenied()

My views.py used to handle exceptions:

def error_404(request, exception):
    data = {}
    return render(request,'error/404.html', data)

def error_403(request, exception):
    data = {}
    return render(request,'error/403.html', data)

def error_500(request):
    data = {}
    return render(request,'error/500.html', data)

def error_400(request, exception):
    data = {}
    return render(request,'error/400.html', data)

Reference Used: How do I raise a Response Forbidden in django

Answer 1

You should raise PermissionDenied [Django-doc] as an exception, so:

if request.user.is_authenticated():
    return render(request,"app/index.html")
else:
    raise PermissionDenied()

or you can return a HttpResponseForbidden [Django-doc]:

from django.http import HttpResponseForbidden

if request.user.is_authenticated():
    return render(request,"app/index.html")
else:
    return HttpResponseForbidden()

but you can not merge the two and return a PermissionDenied, or raise a HttpResponseForbidden: PermissionDenied is an exception whereas HttpResponseForbidden is a HTTP response.