django-rest-framework/djangorestframework/views.py

322 lines
11 KiB
Python
Raw Normal View History

"""
The :mod:`views` module provides the Views you will most probably
be subclassing in your implementation.
By setting or modifying class attributes on your view, you change it's predefined behaviour.
"""
import re
2012-08-27 02:06:52 +04:00
from django.core.exceptions import PermissionDenied
from django.http import Http404
from django.utils.html import escape
from django.utils.safestring import mark_safe
2011-05-04 12:21:17 +04:00
from django.views.decorators.csrf import csrf_exempt
2012-09-03 19:54:17 +04:00
from djangorestframework.compat import View as _View, apply_markdown
2012-08-27 02:06:52 +04:00
from djangorestframework.response import Response
2012-08-24 23:50:24 +04:00
from djangorestframework.request import Request
2012-09-03 19:42:57 +04:00
from djangorestframework.settings import api_settings
from djangorestframework import status, exceptions
2011-05-04 12:21:17 +04:00
2012-01-26 00:39:01 +04:00
def _remove_trailing_string(content, trailing):
"""
Strip trailing component `trailing` from `content` if it exists.
2012-08-25 01:11:00 +04:00
Used when generating names from view classes.
2012-01-26 00:39:01 +04:00
"""
if content.endswith(trailing) and content != trailing:
return content[:-len(trailing)]
return content
2012-01-28 18:38:06 +04:00
2012-01-26 00:39:01 +04:00
def _remove_leading_indent(content):
"""
Remove leading indent from a block of text.
Used when generating descriptions from docstrings.
"""
whitespace_counts = [len(line) - len(line.lstrip(' '))
for line in content.splitlines()[1:] if line.lstrip()]
# unindent the content if needed
if whitespace_counts:
whitespace_pattern = '^' + (' ' * min(whitespace_counts))
return re.sub(re.compile(whitespace_pattern, re.MULTILINE), '', content)
return content
2012-01-28 18:38:06 +04:00
2012-01-26 00:39:01 +04:00
def _camelcase_to_spaces(content):
"""
Translate 'CamelCaseNames' to 'Camel Case Names'.
2012-08-25 01:11:00 +04:00
Used when generating names from view classes.
2012-01-26 00:39:01 +04:00
"""
camelcase_boundry = '(((?<=[a-z])[A-Z])|([A-Z](?![A-Z]|$)))'
return re.sub(camelcase_boundry, ' \\1', content).strip()
2012-09-03 19:54:17 +04:00
class APIView(_View):
settings = api_settings
renderer_classes = api_settings.DEFAULT_RENDERERS
parser_classes = api_settings.DEFAULT_PARSERS
authentication_classes = api_settings.DEFAULT_AUTHENTICATION
throttle_classes = api_settings.DEFAULT_THROTTLES
permission_classes = api_settings.DEFAULT_PERMISSIONS
content_negotiation_class = api_settings.DEFAULT_CONTENT_NEGOTIATION
2011-12-09 16:54:11 +04:00
2011-05-23 20:07:31 +04:00
@classmethod
def as_view(cls, **initkwargs):
"""
Override the default :meth:`as_view` to store an instance of the view
as an attribute on the callable function. This allows us to discover
2011-12-09 16:54:11 +04:00
information about the view when we do URL reverse lookups.
2011-05-23 20:07:31 +04:00
"""
2012-09-03 19:54:17 +04:00
view = super(APIView, cls).as_view(**initkwargs)
2011-05-23 20:07:31 +04:00
view.cls_instance = cls(**initkwargs)
return view
2011-05-04 12:21:17 +04:00
@property
def allowed_methods(self):
2011-05-12 18:11:14 +04:00
"""
Return the list of allowed HTTP methods, uppercased.
"""
2012-02-25 22:45:17 +04:00
return [method.upper() for method in self.http_method_names
if hasattr(self, method)]
@property
def default_response_headers(self):
return {
'Allow': ', '.join(self.allowed_methods),
'Vary': 'Authenticate, Accept'
}
2011-05-04 12:21:17 +04:00
def get_name(self):
"""
Return the resource or view class name for use as this view's name.
Override to customize.
"""
2012-08-25 01:11:00 +04:00
name = self.__class__.__name__
name = _remove_trailing_string(name, 'View')
2012-01-26 00:39:01 +04:00
return _camelcase_to_spaces(name)
def get_description(self, html=False):
"""
Return the resource or view docstring for use as this view's description.
Override to customize.
"""
2012-08-25 01:11:00 +04:00
description = self.__doc__ or ''
2012-01-26 00:39:01 +04:00
description = _remove_leading_indent(description)
if html:
return self.markup_description(description)
return description
def markup_description(self, description):
2012-02-20 13:36:03 +04:00
"""
Apply HTML markup to the description of this view.
"""
2012-01-26 00:39:01 +04:00
if apply_markdown:
2012-01-28 18:38:06 +04:00
description = apply_markdown(description)
else:
2012-01-28 18:38:06 +04:00
description = escape(description).replace('\n', '<br />')
return mark_safe(description)
2011-05-04 12:21:17 +04:00
def http_method_not_allowed(self, request, *args, **kwargs):
"""
2012-09-03 18:57:43 +04:00
Called if `request.method` does not corrospond to a handler method.
"""
raise exceptions.MethodNotAllowed(request.method)
2011-05-04 12:21:17 +04:00
2012-09-06 16:49:15 +04:00
def permission_denied(self, request):
"""
If request is not permitted, determine what kind of exception to raise.
"""
raise exceptions.PermissionDenied()
def throttled(self, request, wait):
"""
If request is throttled, determine what kind of exception to raise.
"""
raise exceptions.Throttled(wait)
2012-08-24 23:50:24 +04:00
@property
def _parsed_media_types(self):
"""
Return a list of all the media types that this view can parse.
"""
return [parser.media_type for parser in self.parser_classes]
2012-08-24 23:50:24 +04:00
@property
def _default_parser(self):
"""
Return the view's default parser class.
"""
return self.parser_classes[0]
2012-08-24 23:50:24 +04:00
@property
def _rendered_media_types(self):
"""
Return an list of all the media types that this response can render.
"""
return [renderer.media_type for renderer in self.renderer_classes]
2012-08-24 23:50:24 +04:00
@property
def _rendered_formats(self):
"""
Return a list of all the formats that this response can render.
"""
return [renderer.format for renderer in self.renderer_classes]
2012-08-24 23:50:24 +04:00
@property
def _default_renderer(self):
"""
Return the response's default renderer class.
"""
return self.renderer_classes[0]
2012-08-24 23:50:24 +04:00
def get_format_suffix(self, **kwargs):
"""
Determine if the request includes a '.json' style format suffix
"""
if self.settings.FORMAT_SUFFIX_KWARG:
return kwargs.get(self.settings.FORMAT_SUFFIX_KWARG)
def get_renderers(self, format=None):
"""
Instantiates and returns the list of renderers that this view can use.
"""
return [renderer(self) for renderer in self.renderer_classes]
2012-08-24 23:57:10 +04:00
def get_permissions(self):
"""
Instantiates and returns the list of permissions that this view requires.
"""
return [permission(self) for permission in self.permission_classes]
2012-09-05 00:58:35 +04:00
def get_throttles(self):
2012-08-24 23:57:10 +04:00
"""
Instantiates and returns the list of thottles that this view uses.
2012-09-05 00:58:35 +04:00
"""
return [throttle(self) for throttle in self.throttle_classes]
def content_negotiation(self, request):
"""
Determine which renderer and media type to use render the response.
"""
renderers = self.get_renderers()
if self.format:
# If there is a '.json' style format suffix, only use
# renderers that accept that format.
fallback = renderers[0]
2012-09-15 01:52:28 +04:00
renderers = [renderer for renderer in renderers
if renderer.can_handle_format(self.format)]
if not renderers:
self.format404 = True
return (fallback, fallback.media_type)
conneg = self.content_negotiation_class()
return conneg.negotiate(request, renderers)
2012-09-05 00:58:35 +04:00
def check_permissions(self, request, obj=None):
"""
2012-09-06 16:49:15 +04:00
Check if request should be permitted.
2012-08-24 23:57:10 +04:00
"""
for permission in self.get_permissions():
2012-09-13 21:32:56 +04:00
if not permission.has_permission(request, obj):
2012-09-06 16:49:15 +04:00
self.permission_denied(request)
2012-09-05 00:58:35 +04:00
def check_throttles(self, request):
"""
2012-09-06 16:49:15 +04:00
Check if request should be throttled.
2012-09-05 00:58:35 +04:00
"""
for throttle in self.get_throttles():
2012-09-13 21:32:56 +04:00
if not throttle.allow_request(request):
2012-09-06 16:49:15 +04:00
self.throttled(request, throttle.wait())
2012-08-24 23:57:10 +04:00
2012-09-06 16:49:15 +04:00
def initialize_request(self, request, *args, **kargs):
"""
2012-09-06 16:49:15 +04:00
Returns the initial request object.
"""
2012-09-14 22:36:44 +04:00
return Request(request, parser_classes=self.parser_classes,
authentication_classes=self.authentication_classes)
def initial(self, request, *args, **kwargs):
"""
Runs anything that needs to occur prior to calling the method handlers.
"""
self.format = self.get_format_suffix(**kwargs)
self.renderer, self.media_type = self.content_negotiation(request)
self.check_permissions(request)
self.check_throttles(request)
# If the request included a non-existant .format URL suffix,
# raise 404, but only after first making permission checks.
if getattr(self, 'format404', None):
raise Http404()
2012-09-07 14:12:24 +04:00
def finalize_response(self, request, response, *args, **kwargs):
2012-01-11 18:42:16 +04:00
"""
2012-09-06 16:49:15 +04:00
Returns the final response object.
2012-01-11 18:42:16 +04:00
"""
2012-09-04 15:02:05 +04:00
if isinstance(response, Response):
response.renderer = self.renderer
response.media_type = self.media_type
2012-09-04 15:02:05 +04:00
2012-02-25 22:45:17 +04:00
for key, value in self.headers.items():
response[key] = value
2012-09-04 15:02:05 +04:00
return response
2012-08-27 02:06:52 +04:00
def handle_exception(self, exc):
"""
Handle any exception that occurs, by returning an appropriate response,
or re-raising the error.
"""
if isinstance(exc, exceptions.NotAcceptable):
# Fall back to default renderer
self.renderer = exc.available_renderers[0]
self.media_type = exc.available_renderers[0].media_type
elif isinstance(exc, exceptions.Throttled):
# Throttle wait header
2012-09-05 00:58:35 +04:00
self.headers['X-Throttle-Wait-Seconds'] = '%d' % exc.wait
2012-09-01 23:26:27 +04:00
if isinstance(exc, exceptions.APIException):
2012-08-27 02:06:52 +04:00
return Response({'detail': exc.detail}, status=exc.status_code)
elif isinstance(exc, Http404):
return Response({'detail': 'Not found'},
status=status.HTTP_404_NOT_FOUND)
elif isinstance(exc, PermissionDenied):
return Response({'detail': 'Permission denied'},
status=status.HTTP_403_FORBIDDEN)
raise
2011-05-04 12:21:17 +04:00
# Note: session based authentication is explicitly CSRF validated,
# all other authentication is CSRF exempt.
@csrf_exempt
def dispatch(self, request, *args, **kwargs):
2012-09-06 16:49:15 +04:00
"""
`.dispatch()` is pretty much the same as Django's regular dispatch,
but with extra hooks for startup, finalize, and exception handling.
2012-09-06 16:49:15 +04:00
"""
request = self.initialize_request(request, *args, **kwargs)
self.request = request
self.args = args
self.kwargs = kwargs
2012-02-25 22:45:17 +04:00
self.headers = self.default_response_headers
try:
2012-09-06 16:49:15 +04:00
self.initial(request, *args, **kwargs)
# Get the appropriate handler method
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(),
self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
2012-02-20 13:36:03 +04:00
response = handler(request, *args, **kwargs)
2012-08-27 02:06:52 +04:00
except Exception as exc:
response = self.handle_exception(exc)
2011-12-09 16:54:11 +04:00
2012-09-06 16:49:15 +04:00
self.response = self.finalize_response(request, response, *args, **kwargs)
2012-02-25 22:45:17 +04:00
return self.response